PT-2023-3436 · Sealos · Sealos

Dvkunion · Published 2023-05-26 · Updated 2023-07-07 · CVE-2023-33190

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Sealos versions prior to 4.2.1-rc4

Description: The issue is related to an improper configuration of role-based access control (RBAC) permissions in Sealos, an open-source cloud operating system distribution based on the Kubernetes kernel. This configuration flaw allows an attacker to obtain cluster control permissions, potentially controlling the entire cluster, hundreds of pods, and other resources within the cluster. The estimated number of potentially affected devices is not specified.

Recommendations: For Sealos versions prior to 4.2.1-rc4, upgrade to version 4.2.1-rc4 or later to address the issue. As a temporary workaround, consider restricting access to RBAC permissions to minimize the risk of exploitation. There are no known workarounds for this issue other than upgrading to the fixed version.

Exploit

Fix

Weakness Enumeration

Improper Authentication

Incorrect Authorization

Related identifiers

BDU:2023-03618
CVE-2023-33190
GHSA-74J8-W7F9-PP62

Affected products

Sealos