Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improperly configured permissions in Sealos
Vulnerability Description
Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control (RBAC) permissions resulted in an attacker being able to obtain cluster control permissions, which could control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster. This issue has been addressed in version 4.2.1-rc4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
Sealos 授权问题漏洞
Vulnerability Description
Sealos是专为管理云原生应用程序而设计的云操作系统。 Sealos 4.2.0之前版本存在授权问题漏洞,该漏洞源于基于角色的访问控制 (RBAC) 权限配置不当,导致攻击者能够获取集群控制权限。
CVSS Information
N/A
Vulnerability Type
N/A