Lucene search
MitreCVE-2021-45790HistorySep 29, 2022 - 3:15 a.m.
CVE-2021-45790
2022-09-2903:15:14
CWE-434
mitre
web.nvd.nist.gov
24
4
cve
2021
45790
metersphere
vulnerability
file upload
unauthenticated
command execution
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.004
Percentile
73.9%
An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to arbitrary directory, where attackers can write a cron job to execute commands.
Affected configurations
Node
meterspheremetersphereMatch1.15.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| metersphere | metersphere | 1.15.4 | cpe:2.3:a:metersphere:metersphere:1.15.4:*:*:*:*:*:*:* |
Social References
More
Related
osv
osv
CVE-2021-45790
2022-09-29 03:15:14
cnvd
cnvd
Metersphere arbitrary file upload vulnerability
2022-10-08 00:00:00
prion
prion
Design/Logic Flaw
2022-09-29 03:15:00
cvelist
cvelist
CVE-2021-45790
2021-12-27 11:58:36
nvd
nvd
CVE-2021-45790
2022-09-29 03:15:14
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.004
Percentile
73.9%
Related for CVE-2021-45790