Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sealos billing system permission control defect
Vulnerability Description
Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account `sealos[.] io/v1/Payment`, resulting in the ability to recharge any amount of 1 renminbi (RMB). The charging interface may expose resource information. The namespace of this custom resource would be user's control and may have permission to correct it. It is not clear whether a fix exists.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
Sealos 安全漏洞
Vulnerability Description
Sealos是专为管理云原生应用程序而设计的云操作系统。 Sealos 4.2.0及之前版本存在安全漏洞,该漏洞源于存在权限缺陷,计费接口可以暴露资源信息。
CVSS Information
N/A
Vulnerability Type
N/A