54 matches found
EUVD-2023-34932
Malicious code in bioql PyPI...
EUVD-2023-42304
Malicious code in bioql PyPI...
Automating Pentest Delivery: 7 Key Workflows for Maximum Impact
Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is time we automate the delivery of these results. The way results are delivered hasn't kept up with today's fast-moving threat landscape. Too often, findings ar...
CVE-2024-32467
MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue...
CVE-2024-37161
MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue...
CVE-2023-38494
MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue...
CVE-2022-46178
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path. The vulnerability...
Your AppSec Journey Demystified: Driving Effective API Security with Wallarm and StackHawk
There is no doubt that attackers have shifted their attention to APIs. Wallarm’s API ThreatStats research identifies that 70% of attacks now target APIs instead of Web Applications. While APIs have become the backbone of innovation and connectivity for businesses, they have also introduced a vast...
CVE-2024-37161 MeterSphere front-end editor stores XSS vulnerability
MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue...
MeterSphere 跨站脚本漏洞
MeterSphere is MeterSphere open source one-stop open source continuous testing platform. MeterSphere 1.10.1-lts previous versions of cross-site scripting vulnerability , the vulnerability stems from the application of the user-supplied data lack of effective filtering and escaping , an attacker c...
CVE-2023-50267
MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, the authenticated attackers can update resources which don't belong to him if the resource ID is known. This issue if fixed in 2.10.10-lts. There are no known workarounds...
CVE-2023-41878
MeterSphere’s CVE-2023-41878 describes a vulnerability in the Selenium VNC configuration where a weak default password allows unauthenticated access to VNC and can grant high-level privileges. Affected product: MeterSphere (Selenium VNC config). Root cause: default weak password enabling unauthor...
CVE-2023-41878 Weak password of selenium VNC in MeterSphere
MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, attackers can login to vnc and obtain high...
Design/Logic Flaw
MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue...
CVE-2023-38494
CVE-2023-38494 affects MeterSphere Cloud interfaces; root cause is interfaces lacking configuration permissions, enabling sensitive data disclosure. Public details indicate versions prior to 2.10.4 LTS are affected; 2.10.4 LTS contains the patch. Remediation: upgrade to 2.10.4 LTS (or apply vendo...
Design/Logic Flaw
Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can ...
CVE-2023-35937
CVE-2023-35937 affects Metersphere before version 2.10.2 LTS, where several key APIs lack permission checks, allowing ordinary users to perform actions reserved for space/project administrators (e.g., updating a user as a space administrator). The issue is documented in multiple sources (NVD entr...
MeterSphere Denial of Service Vulnerability
MeterSphere is MeterSphere open source one-stop open source continuous testing platform. MeterSphere 2.9.1 and previous versions of a denial of service vulnerability , the vulnerability stems from the submission of a very long password during login , it will force the system to perform a long...
CVE-2023-32699
MeterSphere is affected by a denial-of-service vulnerability in versions up to 2.9.1. The issue arises when a user submits an excessively long password during login, triggering the MD5-based password hashing (CodingUtil.md5) to run for the long password and exhaust server CPU/memory, potentially ...
CVE-2023-30550
MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some...