An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.
History

Thu, 31 Oct 2024 17:45:00 +0000

Type Values Removed Values Added
References

Thu, 31 Oct 2024 17:15:00 +0000

Type Values Removed Values Added
Description An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere v3.4.1 and v4.1.1 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks. An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.

Tue, 22 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Tue, 22 Oct 2024 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Kubesphere kubesphere
Weaknesses CWE-639
CPEs cpe:2.3:a:kubesphere:kubeshpere:*:*:*:*:*:*:*:* cpe:2.3:a:kubesphere:kubesphere:*:*:*:*:*:*:*:*
cpe:2.3:a:kubesphere:kubesphere:*:*:*:*:enterprise:*:*:*
Vendors & Products Kubesphere kubeshpere
Kubesphere kubesphere

Tue, 15 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Kubesphere
Kubesphere kubeshpere
CPEs cpe:2.3:a:kubesphere:kubeshpere:*:*:*:*:*:*:*:*
Vendors & Products Kubesphere
Kubesphere kubeshpere
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 14 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
Description An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere v3.4.1 and v4.1.1 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-10-14T00:00:00

Updated: 2024-10-31T16:57:29.495715

Reserved: 2024-09-11T00:00:00

Link: CVE-2024-46528

cve-icon Vulnrichment

Updated: 2024-10-15T14:48:48.867Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-14T18:15:03.847

Modified: 2024-11-21T09:38:41.650

Link: CVE-2024-46528

cve-icon Redhat

No data.