CVE-2023-36815

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-36815
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-36815.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-36815
Aliases
Published
2023-07-03T17:44:28.932Z
Modified
2025-11-29T14:21:35.513449Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Summary
Sealos billing system permission control defect
Details

Sealos is a Cloud Operating System designed for managing cloud-native applications. In version 4.2.0 and prior, there is a permission flaw in the Sealos billing system that allows users to control the recharge resource account sealos.io/v1/Payment, resulting in the ability to recharge any amount of 1 renminbi (RMB). The charging interface may expose resource information. The namespace of this custom resource is under the user's control, and the user may have permission to alter it. It is not clear whether a fix exists.

Database specific
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/36xxx/CVE-2023-36815.json",
    "cwe_ids": [
        "CWE-862"
    ]
}
References

Affected packages

Git / github.com/labring/sealos

Affected ranges

Type
GIT
Repo
https://github.com/labring/sealos
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.0"
        }
    ]
}

Affected versions

kubeadm1.*

kubeadm1.12.2

v1.*

v1.0.0-alpha.0
v1.0.0-beta.0
v1.12.0-beta.0
v1.13.0
v1.13.2
v1.14.0

v2.*

v2.0.0-alpha.0
v2.0.0-alpha.10
v2.0.0-alpha.2
v2.0.0-alpha.3
v2.0.0-alpha.4
v2.0.0-alpha.5
v2.0.0-alpha.6
v2.0.0-alpha.7
v2.0.0-beta.0
v2.0.0-beta.2
v2.0.0.alpha.8
v2.0.0.alpha.9
v2.0.1-beta.0
v2.0.1-beta.1
v2.0.1-beta.2
v2.0.1-beta.3
v2.0.3
v2.0.4
v2.0.5
v2.0.5-alpha.0
v2.0.5-alpha.1
v2.0.5-alpha.2
v2.0.5-alpha.3
v2.0.5-alpha.4
v2.0.5-alpha.5
v2.0.5-alpha.6
v2.0.6
v2.0.7

v3.*

v3.0.0
v3.0.0-alpha.0
v3.0.0-beta.0
v3.0.0-beta.1
v3.0.0-beta.2
v3.0.1
v3.0.1-alpha.0
v3.0.1-alpha.1
v3.0.1-alpha.2
v3.1.0
v3.1.0-alpha.0
v3.1.0-alpha.1
v3.1.0-alpha.2
v3.1.0-alpha.3
v3.1.0-alpha.4
v3.1.1
v3.1.1-alpha.0
v3.1.1-alpha.1
v3.1.1-alpha.2
v3.1.1-alpha.3
v3.1.2-alpha.0
v3.1.2-alpha.1
v3.2.0
v3.2.0-beta.0
v3.2.0-beta.2
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9-alpha.0
v3.3.9-alpha.1
v3.3.9-alpha.2
v3.3.9-beta.0
v3.3.9-beta.1
v3.3.9-beta.2
v3.3.9-beta.3
v3.3.9-rc.0
v3.3.9-rc.1
v3.3.9-rc.2
v3.3.9-rc.3
v3.3.9-rc.5
v3.3.9-rc.6
v3.3.9-rc.7
v3.3.9-rc.8
v3.3.9-rc.9

v4.*

v4.0.0
v4.0.0-alpha.1
v4.0.0-alpha.10
v4.0.0-alpha.11
v4.0.0-alpha.12
v4.0.0-alpha.13
v4.0.0-alpha.14
v4.0.0-alpha.15
v4.0.0-alpha.16
v4.0.0-alpha.2
v4.0.0-alpha.3
v4.0.0-alpha.4
v4.0.0-alpha.5
v4.0.0-alpha.6
v4.0.0-alpha.7
v4.0.0-alpha.8
v4.0.0-alpha.9
v4.0.0-rc1
v4.1.0
v4.1.0-rc1
v4.1.0-rc2
v4.1.0-rc3
v4.1.1
v4.1.2
v4.1.2-rc1
v4.1.3
v4.1.3-rc1
v4.1.4
v4.1.4-rc1
v4.1.4-rc2
v4.1.4-rc3
v4.1.4-rc4
v4.1.5
v4.1.5-alpha1
v4.1.5-alpha2
v4.1.5-rc1
v4.1.5-rc2
v4.1.5-rc3
v4.2.0
v4.2.0-alpha1
v4.2.0-alpha2
v4.2.0-alpha3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-36815.json"