PT-2024-32021 · KubeSphere · KubeSphere Enterprise
Okan Kurtuluş · Published 2024-10-14 · Updated 2025-08-28
| CVE | CVE-2024-46528 |
| CVSS v4.0 | 4.9 (Medium) |
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U |
Name of the Vulnerable Software and Affected Versions
KubeSphere versions 3.x through 3.4.1
KubeSphere versions 4.x through 4.1.1
KubeSphere Enterprise versions 3.x through 3.5.0
KubeSphere Enterprise versions 4.x through 4.1.3
Description
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere lets an authenticated user with a low-privileged role retrieve sensitive resources by referencing them directly in a request, because the server does not verify that the caller is authorized for the requested object before returning it. Per the CVSS vector, exploitation needs only valid low-privileged credentials over the network and no user interaction, and the impact is limited to confidentiality (VC:H; no integrity or availability impact).
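The pattern behind this class of bug, as an added illustration that is not KubeSphere's code and does not reproduce the affected endpoint: an authenticated handler that trusts the namespace and object name supplied by the client, beside a hardened handler that authorizes the caller against the owning namespace before any lookup. The store, principals, namespaces and secret values are all constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed example: an in-memory "secret" store and two request handlers,
// one that only authenticates the caller and one that also authorizes the
// caller against the namespace that owns the requested object. Illustrative
// code, not KubeSphere's; resource names and roles are assumptions.

var (
	ErrUnauthenticated = errors.New("unauthenticated")
	ErrForbidden       = errors.New("forbidden")
	ErrNotFound        = errors.New("not found")
)

// Principal is the authenticated caller and the namespaces their role may read.
type Principal struct {
	Name       string
	Namespaces map[string]bool
}

// Secret is the sensitive object, referenced directly by namespace and name.
type Secret struct {
	Namespace string
	Name      string
	Data      string
}

// Store is keyed by "namespace/name" (see SampleStore for the sample data).
type Store map[string]Secret

func key(ns, name string) string { return ns + "/" + name }

// GetSecretVulnerable is the IDOR pattern: it checks that someone is logged in,
// then trusts the client-supplied namespace/name and returns whatever it finds.
func GetSecretVulnerable(store Store, p *Principal, ns, name string) (Secret, error) {
	if p == nil {
		return Secret{}, ErrUnauthenticated
	}
	s, ok := store[key(ns, name)]
	if !ok {
		return Secret{}, ErrNotFound
	}
	return s, nil // no check that p may read ns
}

// GetSecretHardened authorizes the caller against the owning namespace before
// the lookup, so the identifier in the request cannot widen access and the
// response does not reveal whether an object exists in a foreign namespace.
func GetSecretHardened(store Store, p *Principal, ns, name string) (Secret, error) {
	if p == nil {
		return Secret{}, ErrUnauthenticated
	}
	if !p.Namespaces[ns] {
		return Secret{}, ErrForbidden
	}
	s, ok := store[key(ns, name)]
	if !ok {
		return Secret{}, ErrNotFound
	}
	return s, nil
}

// SampleStore returns constructed data for the demonstration.
func SampleStore() Store {
	return Store{
		key("team-a", "db-creds"):  {Namespace: "team-a", Name: "db-creds", Data: "sample-db-password"},
		key("team-b", "api-token"): {Namespace: "team-b", Name: "api-token", Data: "sample-token"},
	}
}

func main() {
	store := SampleStore()
	// Low-privileged user: a member of team-a only.
	alice := &Principal{Name: "alice", Namespaces: map[string]bool{"team-a": true}}

	// Cross-namespace read of team-b's token, identifier chosen by the client.
	if s, err := GetSecretVulnerable(store, alice, "team-b", "api-token"); err == nil {
		fmt.Println("vulnerable handler leaked:", s.Data)
	}
	if _, err := GetSecretHardened(store, alice, "team-b", "api-token"); err != nil {
		fmt.Println("hardened handler:", err)
	}
}
```

The hardened handler makes the authorization decision on the namespace named in the request, not on whether the object was found, which is the check the vulnerable version skips; when reviewing an API for this bug class, look for handlers whose only gate is "is the caller logged in".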
Recommendations
For KubeSphere versions 3.x through 3.4.1, update to a version later than 3.4.1.
For KubeSphere versions 4.x through 4.1.1, update to a version later than 4.1.1 (the fix was expected in v4.1.3).
For KubeSphere Enterprise versions 3.x through 3.5.0, update to a version later than 3.5.0.
For KubeSphere Enterprise versions 4.x through 4.1.3, update to a version later than 4.1.3.
Weakness Enumeration
IDOR (Insecure Direct Object Reference)
Related Identifiers
CVE-2024-46528
Affected Products
KubeSphere
KubeSphere Enterprise