CVE-2024-46528

MEDIUM

Kubesphere < 4.1.3 - IDOR

Title source: rule

Description

An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.

Exploits (1)

exploitdb WRITEUP

by Okan Kurtulus · webappsmultiple

https://www.exploit-db.com/exploits/52097

View Code ZIP pw:eip

References (4)

[Various Sources] https://kubesphere.io/

[Various Sources] https://okankurtulus.com.tr/2024/09/09/idor-vulnerability-in-kubesphere/

[Various Sources] https://www.kubesphere.io/news/kubesphere-cve-2024-46528/

[Issue Tracking] https://github.com/kubesphere/kubesphere/issues/6227

Scores

CVSS v3 4.3

EPSS 0.0176

EPSS Percentile 82.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-639

Status published

Products (1)

kubesphere/kubesphere 4.0.0 - 4.1.3Go

Published Oct 14, 2024

Tracked Since Feb 18, 2026