CVE-2023-33190: Improper configuration of RBAC permissions obtaining cluster control permissions

Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.0, an improper configuration of role-based access control (RBAC) permissions allowed an attacker to obtain cluster control permissions, with which they could control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within it. This issue has been addressed in version 4.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.


Affected versions

< 4.2.0

Description

Summary

Improper configuration of RBAC permissions allowed an attacker to obtain cluster control permissions, which could be used to control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster.

Details

Details have been withheld from publication.

PoC

Details have been withheld from publication.

Impact

  • Sealos public cloud users
  • CWE-287 Improper Authentication

Related news

GHSA-74j8-w7f9-pp62: Improper configuration of RBAC permissions obtaining cluster control permissions

