
178 matches found

CVE
added 2023/07/17 7:51 p.m. · 37 views

CVE-2023-37461

CVE-2023-37461 affects Metersphere. The vulnerability arises from uploaded files that may set a related type to a relative path such as ../../../../, enabling a path-traversal that could overwrite or create files within the metersphere process’ accessible filesystem. This is constrained to files ...

9.8 CVSS · 7.4 AI score · 0.00113 EPSS
Exploits 1 · References 1 · Affected Software 1
OSV
added 2023/07/17 7:51 p.m. · 25 views

CVE-2023-37461 Path traversal in metersphere

Metersphere is an open source testing framework. Files uploaded to Metersphere may define a belongType value with a relative path like ../../../../ which may cause metersphere to attempt to overwrite an existing file in the defined location or to create a new file. Attackers would be limited to...

5.6 CVSS · 8.9 AI score · 0.00113 EPSS
Exploits 1 · References 3
Vulnrichment
added 2023/07/17 7:51 p.m. · 10 views

CVE-2023-37461 Path traversal in metersphere

Metersphere is an open source testing framework. Files uploaded to Metersphere may define a belongType value with a relative path like ../../../../ which may cause metersphere to attempt to overwrite an existing file in the defined location or to create a new file. Attackers would be limited to...

5.6 CVSS · 9.4 AI score · 0.00113 EPSS
Exploits 1 · References 1
Cvelist
added 2023/07/17 7:51 p.m. · 13 views

CVE-2023-37461 Path traversal in metersphere

Metersphere is an open source testing framework. Files uploaded to Metersphere may define a belongType value with a relative path like ../../../../ which may cause metersphere to attempt to overwrite an existing file in the defined location or to create a new file. Attackers would be limited to...

5.6 CVSS · 9.5 AI score · 0.00113 EPSS
Exploits 1 · References 1
CNNVD
added 2023/07/17 12:0 a.m. · 2 views

MeterSphere Path Traversal Vulnerability

MeterSphere is an open source one-stop continuous testing platform. A path traversal vulnerability exists in Metersphere version v2.10.0-lts-b4. An attacker exploiting this vulnerability could overwrite files that the Metersphere process is authorized to access...

9.8 CVSS · 8.5 AI score · 0.00113 EPSS
Exploits 1 · References 2
NVD
added 2023/07/06 2:15 p.m. · 14 views

CVE-2023-35937

Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can ...

8.8 CVSS · 6.8 AI score · 0.00054 EPSS
Exploits 1 · References 1
Prion
added 2023/07/06 2:15 p.m. · 12 views

Design/Logic Flaw

Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can ...

6.5 CVSS · 8.6 AI score · 0.00054 EPSS
Exploits 1 · References 1 · Affected Software 1
OSV
added 2023/07/06 1:50 p.m. · 14 views

CVE-2023-35937 Metersphere missing permission check

Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can ...

6 CVSS · 8.6 AI score · 0.00054 EPSS
Exploits 1 · References 3
Vulnrichment
added 2023/07/06 1:50 p.m. · 12 views

CVE-2023-35937 Metersphere missing permission check

Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can ...

6 CVSS · 7.2 AI score · 0.00054 EPSS
Exploits 1 · References 1
CVE
added 2023/07/06 1:50 p.m. · 34 views

CVE-2023-35937

CVE-2023-35937 affects Metersphere before version 2.10.2 LTS, where several key APIs lack permission checks, allowing ordinary users to perform actions reserved for space/project administrators (e.g., updating a user as a space administrator). The issue is documented in multiple sources (NVD entr...

8.8 CVSS · 7.3 AI score · 0.00054 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2023/07/06 1:50 p.m. · 13 views

CVE-2023-35937 Metersphere missing permission check

Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can ...

6 CVSS · 8.9 AI score · 0.00054 EPSS
Exploits 1 · References 1
CNNVD
added 2023/07/06 12:0 a.m. · 2 views

Metersphere Security Vulnerability

MeterSphere is an open source one-stop continuous testing platform. A security vulnerability exists in Metersphere versions prior to 2.10.2 LTS, which stems from a lack of permission checking in certain critical APIs, allowing normal users to use the APIs of high-privileged...

8.8 CVSS · 7.9 AI score · 0.00054 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/07/06 12:0 a.m. · 2 views

PT-2023-25394 · Unknown · Metersphere

Name of the Vulnerable Software and Affected Versions: Metersphere versions prior to 2.10.2 LTS
Description: Metersphere is an open source continuous testing platform. In the affected versions, some key APIs lack permission checks, allowing ordinary users to execute APIs that can only be executed...

8.8 CVSS · 8.7 AI score · 0.00054 EPSS
Exploits 1 · References 4
CNVD
added 2023/05/31 12:0 a.m. · 12 views

MeterSphere Denial of Service Vulnerability

MeterSphere is an open source one-stop continuous testing platform. MeterSphere 2.9.1 and earlier versions have a denial of service vulnerability. The vulnerability stems from the submission of a very long password during login, which will force the system to perform a long...

6.5 CVSS · 6.4 AI score · 0.00253 EPSS
Exploits 1 · References 1
NVD
added 2023/05/30 7:15 p.m. · 9 views

CVE-2023-32699

MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. The checkUserPassword method is used to check whether the password provided by the user matches the password saved in the database, and the CodingUtil.md5 method is used to...

6.5 CVSS · 6.4 AI score · 0.00253 EPSS
Exploits 1 · References 2
Prion
added 2023/05/30 7:15 p.m. · 13 views

Design/Logic Flaw

MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. The checkUserPassword method is used to check whether the password provided by the user matches the password saved in the database, and the CodingUtil.md5 method is used to...

4 CVSS · 6.4 AI score · 0.00253 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2023/05/30 6:59 p.m. · 22 views

CVE-2023-32699 MeterSphere denial of service vulnerability

MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. The checkUserPassword method is used to check whether the password provided by the user matches the password saved in the database, and the CodingUtil.md5 method is used to...

6.5 CVSS · 6.5 AI score · 0.00253 EPSS
Exploits 1 · References 4
CVE
added 2023/05/30 6:59 p.m. · 47 views

CVE-2023-32699

MeterSphere is affected by a denial-of-service vulnerability in versions up to 2.9.1. The issue arises when a user submits an excessively long password during login, triggering the MD5-based password hashing (CodingUtil.md5) to run for the long password and exhaust server CPU/memory, potentially ...

6.5 CVSS · 6.4 AI score · 0.00253 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2023/05/30 6:59 p.m. · 12 views

CVE-2023-32699 MeterSphere denial of service vulnerability

MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. The checkUserPassword method is used to check whether the password provided by the user matches the password saved in the database, and the CodingUtil.md5 method is used to...

6.5 CVSS · 6.6 AI score · 0.00253 EPSS
Exploits 1 · References 2
Vulnrichment
added 2023/05/30 6:59 p.m. · 6 views

CVE-2023-32699 MeterSphere denial of service vulnerability

MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. The checkUserPassword method is used to check whether the password provided by the user matches the password saved in the database, and the CodingUtil.md5 method is used to...

6.5 CVSS · 7 AI score · 0.00253 EPSS
Exploits 1 · References 2