x/vulndb: potential Go vuln in github.com/kubesphere/kubesphere: GHSA-p26r-gfgc-c47h

[GoVulnBot]

Advisory GHSA-p26r-gfgc-c47h references a vulnerability in the following Go modules:

Module
github.com/kubesphere/kubesphere

Description:
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere v3.4.1 and v4.1.1 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks.

References:

• ADVISORY: GHSA-p26r-gfgc-c47h
• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-46528
• REPORT: CVE-2024-46528: IDOR security vulnerability  kubesphere/kubesphere#6227
• WEB: http://kubesphere.com
• WEB: https://kubesphere.io
• WEB: https://okankurtulus.com.tr/2024/09/09/idor-vulnerability-in-kubesphere
• WEB: https://www.kubesphere.io/news/kubesphere-cve-2024-46528

No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/kubesphere/kubesphere
      non_go_versions:
        - introduced: 3.0.0
        - fixed: 3.4.1
        - introduced: 4.0.0
        - fixed: 4.1.3
      vulnerable_at: 0.0.0-20241101042708-faf255a0843c
summary: KubeSphere IDOR vulnerability in github.com/kubesphere/kubesphere
cves:
    - CVE-2024-46528
ghsas:
    - GHSA-p26r-gfgc-c47h
references:
    - advisory: https://github.com/advisories/GHSA-p26r-gfgc-c47h
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-46528
    - report: https://github.com/kubesphere/kubesphere/issues/6227
    - web: http://kubesphere.com
    - web: https://kubesphere.io
    - web: https://okankurtulus.com.tr/2024/09/09/idor-vulnerability-in-kubesphere
    - web: https://www.kubesphere.io/news/kubesphere-cve-2024-46528
source:
    id: GHSA-p26r-gfgc-c47h
    created: 2024-11-01T21:02:42.116039117Z
review_status: UNREVIEWED