CVE-2024-46528 Information

Description

An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.

Reference

https://okankurtulus.com.tr/2024/09/09/idor-vulnerability-in-kubesphere/ https://kubesphere.io/ https://github.com/kubesphere/kubesphere/issues/6227