CVE-2023-33190

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-33190
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33190.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-33190
Aliases
Published
2023-06-29T17:27:08.015Z
Modified
2025-11-29T14:16:33.861281Z
Severity
  • 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Improperly configured permissions in Sealos
Details

Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4, improperly configured role-based access control (RBAC) permissions allowed an attacker to obtain cluster control permissions and thereby control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster. This issue has been addressed in version 4.2.1-rc4. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-287"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/33xxx/CVE-2023-33190.json"
}
References

Affected packages

Git / github.com/labring/sealos

Affected ranges

Type
GIT
Repo
https://github.com/labring/sealos
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.2.1-rc4"
        }
    ]
}

Affected versions

kubeadm1.*

kubeadm1.12.2

v1.*

v1.0.0-alpha.0
v1.0.0-beta.0
v1.12.0-beta.0
v1.13.0
v1.13.2
v1.14.0

v2.*

v2.0.0-alpha.0
v2.0.0-alpha.10
v2.0.0-alpha.2
v2.0.0-alpha.3
v2.0.0-alpha.4
v2.0.0-alpha.5
v2.0.0-alpha.6
v2.0.0-alpha.7
v2.0.0-beta.0
v2.0.0-beta.2
v2.0.0.alpha.8
v2.0.0.alpha.9
v2.0.1-beta.0
v2.0.1-beta.1
v2.0.1-beta.2
v2.0.1-beta.3
v2.0.3
v2.0.4
v2.0.5
v2.0.5-alpha.0
v2.0.5-alpha.1
v2.0.5-alpha.2
v2.0.5-alpha.3
v2.0.5-alpha.4
v2.0.5-alpha.5
v2.0.5-alpha.6
v2.0.6
v2.0.7

v3.*

v3.0.0
v3.0.0-alpha.0
v3.0.0-beta.0
v3.0.0-beta.1
v3.0.0-beta.2
v3.0.1
v3.0.1-alpha.0
v3.0.1-alpha.1
v3.0.1-alpha.2
v3.1.0
v3.1.0-alpha.0
v3.1.0-alpha.1
v3.1.0-alpha.2
v3.1.0-alpha.3
v3.1.0-alpha.4
v3.1.1
v3.1.1-alpha.0
v3.1.1-alpha.1
v3.1.1-alpha.2
v3.1.1-alpha.3
v3.1.2-alpha.0
v3.1.2-alpha.1
v3.2.0
v3.2.0-beta.0
v3.2.0-beta.2
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9-alpha.0
v3.3.9-alpha.1
v3.3.9-alpha.2
v3.3.9-beta.0
v3.3.9-beta.1
v3.3.9-beta.2
v3.3.9-beta.3
v3.3.9-rc.0
v3.3.9-rc.1
v3.3.9-rc.2
v3.3.9-rc.3
v3.3.9-rc.5
v3.3.9-rc.6
v3.3.9-rc.7
v3.3.9-rc.8
v3.3.9-rc.9

v4.*

v4.0.0
v4.0.0-alpha.1
v4.0.0-alpha.10
v4.0.0-alpha.11
v4.0.0-alpha.12
v4.0.0-alpha.13
v4.0.0-alpha.14
v4.0.0-alpha.15
v4.0.0-alpha.16
v4.0.0-alpha.2
v4.0.0-alpha.3
v4.0.0-alpha.4
v4.0.0-alpha.5
v4.0.0-alpha.6
v4.0.0-alpha.7
v4.0.0-alpha.8
v4.0.0-alpha.9
v4.0.0-rc1
v4.1.0
v4.1.0-rc1
v4.1.0-rc2
v4.1.0-rc3
v4.1.1
v4.1.2
v4.1.2-rc1
v4.1.3
v4.1.3-rc1
v4.1.4
v4.1.4-rc1
v4.1.4-rc2
v4.1.4-rc3
v4.1.4-rc4
v4.1.5
v4.1.5-alpha1
v4.1.5-alpha2
v4.1.5-rc1
v4.1.5-rc2
v4.1.5-rc3
v4.2.0
v4.2.0-alpha1
v4.2.0-alpha2
v4.2.0-alpha3
v4.2.1-rc1
v4.2.1-rc2
v4.2.1-rc3