CVE-2024-46528

An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.

An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.

An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks. NOTE: A fix is expected in v4.1.3 in January 2025.

An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere v3.4.1 and v4.1.1 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.

Una vulnerabilidad de referencia directa de objetos insegura (IDOR) en KubeSphere v3.4.1 y v4.1.1 permite a atacantes autenticados con pocos privilegios acceder a recursos confidenciales sin las verificaciones de autorización adecuadas.