{"id":"GO-2024-3248","summary":"KubeSphere IDOR vulnerability in github.com/kubesphere/kubesphere","details":"An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.\n\nNOTE: A fix is expected in v4.1.3 in January 2025.","aliases":["CVE-2024-46528","GHSA-p26r-gfgc-c47h"],"modified":"2026-03-17T04:49:24.535713Z","published":"2024-12-12T15:16:34Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2024-3248","review_status":"REVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-p26r-gfgc-c47h"},{"type":"REPORT","url":"https://github.com/kubesphere/kubesphere/issues/6227"},{"type":"WEB","url":"https://okankurtulus.com.tr/2024/09/09/idor-vulnerability-in-kubesphere"},{"type":"WEB","url":"https://www.kubesphere.io/news/kubesphere-cve-2024-46528"}],"affected":[{"package":{"name":"github.com/kubesphere/kubesphere","ecosystem":"Go","purl":"pkg:golang/github.com/kubesphere/kubesphere"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"custom_ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.0.0"},{"fixed":"3.4.1"},{"introduced":"4.0.0"},{"fixed":"4.1.3"}]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-3248.json"}}],"schema_version":"1.7.5","credits":[{"name":"Okan Kurtuluş"}]}