← back
CVE-2024-46528

CVE-2024-46528

CVSS 4.3 MEDIUMEPSS 1.6%CWE-639
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/52097unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/kubesphere/kubesphere/issues/6227https://kubesphere.io/https://okankurtulus.com.tr/2024/09/09/idor-vulnerability-in-kubesphere/https://www.kubesphere.io/news/kubesphere-cve-2024-46528/