Unknown · KubeSphere Enterprise · CVE-2024-46528
**Name of the Vulnerable Software and Affected Versions**
KubeSphere versions 3.x through 3.4.1
KubeSphere versions 4.x through 4.1.1
KubeSphere Enterprise versions 3.x through 3.5.0
KubeSphere Enterprise versions 4.x through 4.1.3
**Description**
An Insecure Direct Object Reference (IDOR) vulnerability allows low-privileged authenticated attackers to access sensitive resources because proper authorization checks are not performed.
**Recommendations**
For KubeSphere versions 3.x through 3.4.1, update to a version later than 3.4.1.
For KubeSphere versions 4.x through 4.1.1, update to a version later than 4.1.1, or wait for the expected fix in v4.1.3.
For KubeSphere Enterprise versions 3.x through 3.5.0, update to a version later than 3.5.0.
For KubeSphere Enterprise versions 4.x through 4.1.3, update to a version later than 4.1.3.