CVE-2023-33190— Sealos 授权问题漏洞

Improperly configured permissions in Sealos

Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control (RBAC) permissions resulted in an attacker being able to obtain cluster control permissions, which could control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster. This issue has been addressed in version 4.2.1-rc4. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

认证机制不恰当

Sealos 授权问题漏洞

Sealos是专为管理云原生应用程序而设计的云操作系统。 Sealos 4.2.0之前版本存在授权问题漏洞，该漏洞源于基于角色的访问控制 (RBAC) 权限配置不当，导致攻击者能够获取集群控制权限。

N/A

N/A