CVE-2023-25573
metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This...
EUVD-2019-0394
Malware in sbrugna...
EUVD-2022-4306
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-1297
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using Distributed Test only RMI based, Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get access to JMeterEngi...
Linux Distros Unpatched Vulnerability : CVE-2019-0187
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). An attacker can establish an RMI connection to a jmeter-serve...
Linux Distros Unpatched Vulnerability : CVE-2018-1287
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get...
VulnCheck KEV: CVE-2023-25573
metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process...
CVE-2023-25573
Metersphere contains an improper access control vulnerability: unauthenticated users can download arbitrary files via /api/jmeter/download/files, exposing sensitive data. Affected versions include those prior to the fixes, with remediation in versions 1.20.20 lts and 2.7.1. The issue stems from i...
MeterSphere Security Vulnerability
MeterSphere is an open source one-stop continuous testing platform. MeterSphere versions before 1.20.20 lts and 2.7.1 have a security vulnerability that stems from incorrect access control in the file /api/jmeter/download/files, which can be exploited by an attacker to downlo...
K89010078: Apache vulnerabilities CVE-2018-1307, CVE-2018-1298, CVE-2018-1299, CVE-2018-1287, and CVE-2018-1297
Security Advisory Description CVE-2018-1307 In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediate the data structures into UDDI data structures, there is little protection present against entity expansion and...
com.blazemeter:jmeter-plugins-directory-listing (>=0.2 <=0.3), com.blazemeter:jmeter-plugins-random-csv-data-set (>=0.6 <=0.8) +134 more potentially affected by CVE-2022-40705 via soap:soap (>=2.3 <=2.3.1)
soap:soap MAVEN version =2.3, =0.2, =0.6, =0.3, =1.0.0, =0.0.0, =0.0.0, =1.3.1-2.6, =1.4, =1.0.0-2.13, =1.1.0, =1.0.0, =1.1.3 and more Source cves: CVE-2022-40705 Source advisory: OSV:GHSA-JQ8C-J47C-VVWM...
GHSA-7V85-6HV2-RWGW Missing certificate validation in Apache JMeter
When using Distributed Test only RMI based, Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get access to JMeterEngine and send unauthorized code...
com.github.kulya:jmeter-gradle-plugin (>=1.3.1-2.6 <=1.3.4-2.13), com.lazerycode.jmeter:jmeter-maven-plugin (>=1.4 <=1.10.1) +7 more potentially affected by CVE-2018-1297 via org.apache.jmeter:ApacheJMeter (>=2.10 <=3.3)
org.apache.jmeter:ApacheJMeter MAVEN version =2.10, =1.3.1-2.6, =1.4, =1.0.0-2.13, =1.0.0-2.13, =0.6.2beta3-2.13, =0.6.2beta3-2.13, =6.3.0, =6.2.0, =6.10.0 Source cves: CVE-2018-1297 Source advisory: OSV:GHSA-7V85-6HV2-RWGW...
Missing certificate validation in Apache JMeter
When using Distributed Test only RMI based, Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get access to JMeterEngine and send unauthorized code...
com.github.kulya:jmeter-gradle-plugin (>=1.3.1-2.6 <=1.3.4-2.13), com.lazerycode.jmeter:jmeter-maven-plugin (>=1.4 <=1.10.1) +7 more potentially affected by CVE-2018-1287 via org.apache.jmeter:ApacheJMeter (>=2.10 <=3.3)
org.apache.jmeter:ApacheJMeter MAVEN version =2.10, =1.3.1-2.6, =1.4, =1.0.0-2.13, =1.0.0-2.13, =0.6.2beta3-2.13, =0.6.2beta3-2.13, =6.3.0, =6.2.0, =6.10.0 Source cves: CVE-2018-1287 Source advisory: OSV:GHSA-J7J7-G4WW-PXG5...
GHSA-J7J7-G4WW-PXG5 Missing certificate validation in Apache JMeter
In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get access to JMeterEngine and send unauthorized code. This only affects those running in Distributed mode. In distributed mode, JMeter makes...
Missing certificate validation in Apache JMeter
In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get access to JMeterEngine and send unauthorized code. This only affects those running in Distributed mode. In distributed mode, JMeter makes...
ai.stainless:grails-tika (=0.1.0), be.ugent.idlab.knows:dataio (>=1.2.0 <=1.3.1) +421 more potentially affected by CVE-2022-24613 via com.drewnoakes:metadata-extractor (>=2.10.1 <=2.17.0)
com.drewnoakes:metadata-extractor MAVEN version =2.10.1, =1.2.0, =0.1, =1.2.3, =1.2.22, =0.1.1808, =1.2.2101 and more Source cves: CVE-2022-24613 Source advisory: OSV:GHSA-P5PG-WM9Q-8V6R...
Security Bulletin: Rational Test Automation Server is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary Apache Log4j vulnerability associated with the Rational Performance Tester Apache JMeter™ Test Extension impacts Rational Test Automation Server. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system,...
Command Execution Vulnerability in Metersphere
MeterSphere is a one-stop open source continuous testing platform, covering test tracking, interface testing, performance testing, team collaboration and other functions, compatible with JMeter and other open source standards, effectively helping development and testing teams to make full use of...