Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account `sealos[.] io/v1/Payment`, resulting in the ability to recharge any amount of 1 renminbi (RMB). The charging interface may expose resource information. The namespace of this custom resource would be user's control and may have permission to correct it. It is not clear whether a fix exists.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-07-03T17:44:28.932Z
Updated: 2024-08-02T17:01:09.546Z
Reserved: 2023-06-27T15:43:18.384Z
Link: CVE-2023-36815
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-07-03T18:15:09.653
Modified: 2023-07-10T17:51:41.407
Link: CVE-2023-36815
Redhat
No data.