6 matches found
CVE-2023-32699
MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. The checkUserPassword method is used to check whether the password provided by the user matches the password saved in the database, and the CodingUtil.md5 method is used to...
MeterSphere 路径遍历漏洞
MeterSphere is MeterSphere open source one-stop open source continuous testing platform. A path traversal vulnerability exists in Metersphere version v2.10.0-lts-b4. An attacker exploiting this vulnerability could overwrite files that the Metersphere process is authorized to access...
Design/Logic Flaw
MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. ?The checkUserPassword method is used to check whether the password provided by the user matches the password saved in the database, and the CodingUtil.md5 method is used to...
CVE-2023-32699 MeterSphere denial of service vulnerability
MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. The checkUserPassword method is used to check whether the password provided by the user matches the password saved in the database, and the CodingUtil.md5 method is used to...
CVE-2023-32699
MeterSphere is affected by a denial-of-service vulnerability in versions up to 2.9.1. The issue arises when a user submits an excessively long password during login, triggering the MD5-based password hashing (CodingUtil.md5) to run for the long password and exhaust server CPU/memory, potentially ...
CVE-2023-32699 MeterSphere denial of service vulnerability
MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. The checkUserPassword method is used to check whether the password provided by the user matches the password saved in the database, and the CodingUtil.md5 method is used to...