CVE-2024-46528
Published 2024-10-14
CVE-2024-46528: An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and…
Priority: P4 (28) · Severity: medium · CVSS 3.1 base score: 4.3
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 1.62% (73.0th percentile)
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.
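The advisory only names the vulnerability class (CWE-639, authorization bypass through a user-controlled key). The block below is an added illustration of that class in Go, the language KubeSphere is written in; it is not KubeSphere's code and says nothing about which KubeSphere endpoint was affected. The secret store, the `X-User` header standing in for an already-authenticated identity, and the namespace grants are all constructed sample data. The first handler authenticates the caller but never asks whether the caller may read the object the client-supplied ID resolves to; the second makes that decision on the resolved object's namespace and returns 404 for both unknown and unauthorized IDs so the response does not confirm which IDs exist.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// secret is a constructed stand-in for a sensitive resource addressed by a
// direct object reference (its ID). Not KubeSphere's data model.
type secret struct {
	Namespace string
	Value     string
}

// Constructed sample data.
var secrets = map[string]secret{
	"s-100": {Namespace: "team-a", Value: "db-password-a"},
	"s-200": {Namespace: "team-b", Value: "db-password-b"},
}

// grants maps an authenticated user to the namespaces they may read
// (constructed sample data).
var grants = map[string][]string{
	"alice": {"team-a"},
	"bob":   {"team-b"},
}

// userFrom stands in for an authentication layer that has already verified
// the caller; the identity is carried in a header purely for this example.
func userFrom(r *http.Request) string {
	return r.Header.Get("X-User")
}

// secretID extracts the client-controlled object key from /secrets/<id>.
func secretID(r *http.Request) string {
	return strings.TrimPrefix(r.URL.Path, "/secrets/")
}

// vulnerableHandler authenticates the caller but never checks whether the
// caller may read *this* object, so any low-privileged user can walk IDs.
func vulnerableHandler(w http.ResponseWriter, r *http.Request) {
	if userFrom(r) == "" {
		http.Error(w, "unauthenticated", http.StatusUnauthorized)
		return
	}
	s, ok := secrets[secretID(r)]
	if !ok {
		http.NotFound(w, r)
		return
	}
	fmt.Fprint(w, s.Value)
}

// canRead is the per-object authorization check the vulnerable handler
// lacks: it is evaluated on the resolved object's namespace, not on anything
// the client supplied.
func canRead(user string, s secret) bool {
	for _, ns := range grants[user] {
		if ns == s.Namespace {
			return true
		}
	}
	return false
}

// hardenedHandler performs the same lookup, then authorizes against the
// resolved object. Missing and forbidden objects both yield 404 so the
// response does not reveal which IDs exist.
func hardenedHandler(w http.ResponseWriter, r *http.Request) {
	user := userFrom(r)
	if user == "" {
		http.Error(w, "unauthenticated", http.StatusUnauthorized)
		return
	}
	s, ok := secrets[secretID(r)]
	if !ok || !canRead(user, s) {
		http.NotFound(w, r)
		return
	}
	fmt.Fprint(w, s.Value)
}

// Fetch issues GET /secrets/<id> as <user> against h and returns the
// status code and response body.
func Fetch(h http.HandlerFunc, user, id string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, "/secrets/"+id, nil)
	req.Header.Set("X-User", user)
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	// bob may only read team-b, yet requests team-a's secret s-100.
	code, body := Fetch(vulnerableHandler, "bob", "s-100")
	fmt.Printf("vulnerable: %d %q\n", code, body) // 200 "db-password-a"
	code, _ = Fetch(hardenedHandler, "bob", "s-100")
	fmt.Printf("hardened:   %d\n", code) // 404
}
```

The point to carry over when auditing a multi-tenant API: an authentication check at the top of the handler is not an authorization check on the object, and the authorization decision must be derived from the object the store returned, never from a tenant or namespace field the client sent alongside the ID.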
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | kubesphere_kubesphere | >= 3.0.0 < 3.4.1 | 3.4.1 |
| github.com | kubesphere_kubesphere | >= 4.0.0 < 4.1.3 | 4.1.3 |
Caveat: the 3.x range above does not match the advisory text, which lists 3.x through 3.4.1 as affected (the GHSA entry names v3.4.1 itself), and the OSV note only expects a fix in v4.1.3; treat 3.4.1 as affected until a vendor advisory states otherwise. No range is given for KubeSphere Enterprise (3.x through 3.5.0 and 4.x before 4.1.3 per the description).
OSV
KubeSphere IDOR vulnerability in github.com/kubesphere/kubesphere
osv · 2024-12-12
CVE-2024-46528
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.
NOTE: A fix is expected in v4.1.3 in January 2025.
GHSA
KubeSphere IDOR vulnerability
ghsa · 2024-10-14
CVE-2024-46528 [MEDIUM] CWE-639
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere v3.4.1 and v4.1.1 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.
OSV
KubeSphere IDOR vulnerability
osv · 2024-10-14
CVE-2024-46528 [MEDIUM]
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere v3.4.1 and v4.1.1 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.
No detection rules found.
No writeups or analysis indexed.
Published: 2024-10-14