CVE-2024-46528

Published: Oct 14, 2024Modified: Aug 28, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (4)

https://github.com/kubesphere/kubesphere/issues/6227

Source: cve@mitre.org

https://kubesphere.io/

Source: cve@mitre.org

https://okankurtulus.com.tr/2024/09/09/idor-vulnerability-in-kubesphere/

Source: cve@mitre.org

https://www.kubesphere.io/news/kubesphere-cve-2024-46528/

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.