CVE-2023-36815 - OpenCVE

Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account `sealos[.] io/v1/Payment`, resulting in the ability to recharge any amount of 1 renminbi (RMB). The charging interface may expose resource information. The namespace of this custom resource would be user's control and may have permission to correct it. It is not clear whether a fix exists.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sealos	Sealos

Configuration 1 [-]

cpe:2.3:o:sealos:sealos:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/labring/sealos/security/advisories/GHSA-vpxf-q44g-w34w

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-07-03T17:44:28.932Z

Updated: 2024-08-02T17:01:09.546Z

Reserved: 2023-06-27T15:43:18.384Z

Link: CVE-2023-36815

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-07-03T18:15:09.653

Modified: 2023-07-10T17:51:41.407

Link: CVE-2023-36815

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36815", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-06-27T15:43:18.384Z", "datePublished": "2023-07-03T17:44:28.932Z", "dateUpdated": "2024-08-02T17:01:09.546Z"}, "containers": {"cna": {"title": "Sealos billing system permission control defect", "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "lang": "en", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/labring/sealos/security/advisories/GHSA-vpxf-q44g-w34w", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/labring/sealos/security/advisories/GHSA-vpxf-q44g-w34w"}], "affected": [{"vendor": "labring", "product": "sealos", "versions": [{"version": "<= 4.2.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-07-03T17:44:28.932Z"}, "descriptions": [{"lang": "en", "value": "Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account `sealos[.] io/v1/Payment`, resulting in the ability to recharge any amount of 1 renminbi (RMB). The charging interface may expose resource information. The namespace of this custom resource would be user's control and may have permission to correct it. It is not clear whether a fix exists."}], "source": {"advisory": "GHSA-vpxf-q44g-w34w", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:01:09.546Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/labring/sealos/security/advisories/GHSA-vpxf-q44g-w34w", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/labring/sealos/security/advisories/GHSA-vpxf-q44g-w34w"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sealos:sealos:*:*:*:*:*:*:*:*", "matchCriteriaId": "B965B10B-22C0-4E67-952E-F2C02EB385C9", "versionEndIncluding": "4.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account `sealos[.] io/v1/Payment`, resulting in the ability to recharge any amount of 1 renminbi (RMB). The charging interface may expose resource information. The namespace of this custom resource would be user's control and may have permission to correct it. It is not clear whether a fix exists."}], "id": "CVE-2023-36815", "lastModified": "2023-07-10T17:51:41.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-07-03T18:15:09.653", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/labring/sealos/security/advisories/GHSA-vpxf-q44g-w34w"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security-advisories@github.com", "type": "Primary"}]}