Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/vulndb: potential Go vuln in github.com/kubesphere/kubesphere: GHSA-p26r-gfgc-c47h #3248

Open
GoVulnBot opened this issue Nov 1, 2024 · 0 comments

Comments

@GoVulnBot
Copy link

Advisory GHSA-p26r-gfgc-c47h references a vulnerability in the following Go modules:

Module
github.com/kubesphere/kubesphere

Description:
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere v3.4.1 and v4.1.1 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.

References:

No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/kubesphere/kubesphere
      non_go_versions:
        - introduced: 3.0.0
        - fixed: 3.4.1
        - introduced: 4.0.0
        - fixed: 4.1.3
      vulnerable_at: 0.0.0-20241101042708-faf255a0843c
summary: KubeSphere IDOR vulnerability in github.com/kubesphere/kubesphere
cves:
    - CVE-2024-46528
ghsas:
    - GHSA-p26r-gfgc-c47h
references:
    - advisory: https://github.com/advisories/GHSA-p26r-gfgc-c47h
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-46528
    - report: https://github.com/kubesphere/kubesphere/issues/6227
    - web: http://kubesphere.com
    - web: https://kubesphere.io
    - web: https://okankurtulus.com.tr/2024/09/09/idor-vulnerability-in-kubesphere
    - web: https://www.kubesphere.io/news/kubesphere-cve-2024-46528
source:
    id: GHSA-p26r-gfgc-c47h
    created: 2024-11-01T21:02:42.116039117Z
review_status: UNREVIEWED

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants