CVE-2023-36815 – github.com/labring/sealos
Package
Manager: go
Name: github.com/labring/sealos
Vulnerable Version: >=0 <=4.2.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00167 pctl0.38239
Details
Sealos billing system permission control defect

### Summary
There is a permission flaw in the Sealos billing system which allows users to control the recharge resource account.sealos.io/v1/Payment, resulting in the ability to recharge any amount for 1 RMB.

### Details
The reason is that our sealos account was in arrears. Annoyingly, we could not create a terminal any more, so we went to recharge it. Then it was discovered that the charging interface returned all of the resource information. Unfortunately, based on previous vulnerability experience, the namespace of this custom resource is still under the current user's control, and the user may have permission to modify it.

### PoC
Disabled for publication.

### Impact
+ sealos public cloud users
+ CWE-287 Improper Authentication
Metadata
Created: 2023-06-30T20:36:55Z
Modified: 2023-07-03T18:38:23Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-vpxf-q44g-w34w/GHSA-vpxf-q44g-w34w.json
CWE IDs: ["CWE-287", "CWE-862"]
Alternative ID: GHSA-vpxf-q44g-w34w
Finding: F039
Auto approve: 1