CVE-2024-46528

An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.

Configurations

No configuration.

History

21 Nov 2024, 09:38

Type Values Removed Values Added
References
  • () https://www.kubesphere.io/news/kubesphere-cve-2024-46528/ -
References () https://github.com/kubesphere/kubesphere/issues/6227 - () https://github.com/kubesphere/kubesphere/issues/6227 -
References () https://kubesphere.io/ - () https://kubesphere.io/ -

31 Oct 2024, 17:15

Type Values Removed Values Added
Summary
  • Removed: (en) An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere v3.4.1 and v4.1.1 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.
  • Added: (en) An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.
References
  • {'url': 'http://kubesphere.com', 'source': 'cve@mitre.org'}
  • () https://github.com/kubesphere/kubesphere/issues/6227 -
  • () https://kubesphere.io/ -

22 Oct 2024, 19:35

Type Values Removed Values Added
CVSS
  • Removed: v2 : unknown, v3 : 6.5
  • Added: v2 : unknown, v3 : 4.3

22 Oct 2024, 13:35

Type Values Removed Values Added
CWE CWE-639

15 Oct 2024, 15:35

Type Values Removed Values Added
CVSS
  • Removed: v2 : unknown, v3 : unknown
  • Added: v2 : unknown, v3 : 6.5

15 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere v3.4.1 and v4.1.1 allows low-privileged authenticated attackers to access sensitive resources without the proper authorization checks.

14 Oct 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-14 18:15

Updated : 2024-11-21 09:38


NVD link : CVE-2024-46528

Mitre link : CVE-2024-46528

CVE.ORG link : CVE-2024-46528



Products Affected

No product.

CWE
CWE-639

Authorization Bypass Through User-Controlled Key