cvedb.io
CVE-2023-36815
HIGH · CVSS 7.3
EPSS exploitation probability: 0%
Published 2023-07-03T18:15:09.653 · Last modified 2026-06-17T06:07:08.110

Summary

Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system, which allows users to control the recharge resource account `sealos[.] io/v1/Payment`, resulting in the ability to recharge any amount of 1 renminbi (RMB). The charging interface may expose resource information. The namespace of this custom resource would be user's control and may have permission to correct it. It is not clear whether a fix exists.

Affected products

sealos — sealos

Does this affect you?

Add your gear to cvedb and we'll alert you only when sealos ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.