Lucene search

GitHub_MCVE-2023-30550

HistoryMay 04, 2023 - 6:15 p.m.

CVE-2023-30550

2023-05-0418:15:10

CWE-639

GitHub_M

web.nvd.nist.gov

metersphere

open source

continuous testing platform

idor vulnerability

project admin

modify

nvd

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

34.5%

JSON

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some operating permissions. The issue has been fixed in version 2.9.0.

Affected configurations

Nvd

Vulners

Node

meterspheremetersphereRange<2.9.0

VendorProductVersionCPE
meterspheremetersphere*cpe:2.3:a:metersphere:metersphere:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
metersphere	metersphere	*	cpe:2.3:a:metersphere:metersphere::::::::

CNA Affected

[
  {
    "vendor": "metersphere",
    "product": "metersphere",
    "versions": [
      {
        "version": "< 2.9.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/metersphere/metersphere/releases/tag/v2.9.0

github.com/metersphere/metersphere/security/advisories/GHSA-j5cq-cpw2-gp2q

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

34.5%

JSON

Related for CVE-2023-30550