CVE-2024-46528

EUVD-2024-3090
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
kubespherekubesphere
3.0.0 ≤
𝑥
≤ 3.4.1
ADP
kubespherekubesphere
4.0 ≤
𝑥
< 4.1.3
ADP
kubespherekubesphere
3.0.0 ≤
𝑥
≤ 3.5.0
ADP
kubespherekubesphere
4.0 ≤
𝑥
< 4.1.3
ADP
Common Weakness Enumeration
References
https://github.com/kubesphere/kubesphere/issues/6227
https://kubesphere.io/
https://okankurtulus.com.tr/2024/09/09/idor-vulnerability-in-kubesphere/
https://www.kubesphere.io/news/kubesphere-cve-2024-46528/