An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.
References
Configurations
No configuration.
History
21 Nov 2024, 09:38
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | () https://github.com/kubesphere/kubesphere/issues/6227 - | |
References | () https://kubesphere.io/ - |
31 Oct 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks. | |
References |
|
|
22 Oct 2024, 19:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
22 Oct 2024, 13:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-639 |
15 Oct 2024, 15:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
15 Oct 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
14 Oct 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-14 18:15
Updated : 2024-11-21 09:38
NVD link : CVE-2024-46528
Mitre link : CVE-2024-46528
CVE.ORG link : CVE-2024-46528
JSON object : View
Products Affected
No product.
CWE
CWE-639
Authorization Bypass Through User-Controlled Key