{"id":"CVE-2024-46528","details":"An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.","aliases":["GHSA-p26r-gfgc-c47h","GO-2024-3248"],"modified":"2026-05-15T04:10:05.156192004Z","published":"2024-10-14T00:00:00Z","related":["openSUSE-SU-2024:14599-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/46xxx/CVE-2024-46528.json","unresolved_ranges":[{"source":"DESCRIPTION","extracted_events":[{"introduced":"3.x"},{"fixed":"3.5.0"}]}],"cna_assigner":"mitre"},"references":[{"type":"WEB","url":"https://kubesphere.io/"},{"type":"WEB","url":"https://okankurtulus.com.tr/2024/09/09/idor-vulnerability-in-kubesphere/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/46xxx/CVE-2024-46528.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46528"},{"type":"ADVISORY","url":"https://www.kubesphere.io/news/kubesphere-cve-2024-46528/"},{"type":"REPORT","url":"https://github.com/kubesphere/kubesphere/issues/6227"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}