9.9
CVE-2023-33190
- EPSS 0.17%
- Veröffentlicht 29.06.2023 19:15:08
- Zuletzt bearbeitet 21.11.2024 08:05:05
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginSealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control (RBAC) permissions resulted in an attacker being able to obtain cluster control permissions, which could control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster. This issue has been addressed in version 4.2.1-rc4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sealos Project ≫ Sealos Version < 4.2.1
Sealos Project ≫ Sealos Version4.2.1 Updaterc1
Sealos Project ≫ Sealos Version4.2.1 Updaterc2
Sealos Project ≫ Sealos Version4.2.1 Updaterc3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.382 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security-advisories@github.com | 9.9 | 3.1 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.