KubeSphere IDOR vulnerability
Moderate severity
GitHub Reviewed
Published
Oct 14, 2024
to the GitHub Advisory Database
•
Updated Dec 12, 2024
Package
Affected versions
>= 4.0.0, < 4.1.3
>= 3.0.0, < 3.4.1
Patched versions
4.1.3
3.4.1
Description
Published by the National Vulnerability Database
Oct 14, 2024
Published to the GitHub Advisory Database
Oct 14, 2024
Reviewed
Nov 1, 2024
Last updated
Dec 12, 2024
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere v3.4.1 and v4.1.1 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.
References