Vulnerability Report: GO-2024-3248

An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks. NOTE: A fix is expected in v4.1.3 in January 2025.

For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-p26r-gfgc-c47h.

Affected Modules

*Custom versions, which can't be mapped automatically to standard Go module versions, are ignored by govulncheck. (See this note on versions for more details.)

Aliases

References

Credits

  • Okan Kurtuluş

Feedback

See anything missing or incorrect? Suggest an edit to this report.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL