CVE-2023-33190
Improper configuration of RBAC permissions obtaining cluster control permissions
9.9
CRITICAL
CVSS 3.1
EPSS 0.22%
Description
### Summary

Improper configuration of RBAC permissions allowed cluster control permissions to be obtained, which could be used to control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within it.

### Details

Details are withheld from publication.

### PoC

Details are withheld from publication.

### Impact

- Sealos public cloud users
- CWE-287 Improper Authentication
How to fix CVE-2023-33190
To fix CVE-2023-33190, upgrade the affected package to the patched version listed below.
- — upgrade to 4.2.1-rc4 or later
Is CVE-2023-33190 being exploited?
Low: EPSS is 0.2%, and no large-scale exploitation activity has been observed so far.
Affected packages (1)
- from 0, < 4.2.1-rc4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |