54 matches found

Prion
added 2023/05/04 6:15 p.m. | 8 views

Design/Logic Flaw

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some...

2.8 CVSS | 4.6 AI score | 0.0067 EPSS
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
added 2023/05/04 5:26 p.m. | 10 views

CVE-2023-30550 IDOR vulnerability exists in metersphere

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some...

6.8 CVSS | 6.5 AI score | 0.0067 EPSS
Exploits 1 | References 2

CVE
added 2023/05/04 5:26 p.m. | 26 views

CVE-2023-30550

MeterSphere (open source continuous testing platform) contains an IDOR vulnerability that lets a project administrator modify other projects within the same workspace, potentially escalating privileges to obtain operating permissions. The issue is fixed in version 2.9.0. Affected component: proje...

6.8 CVSS | 4.8 AI score | 0.0067 EPSS
Exploits 1 | References 2 | Affected Software 1

OSV
added 2023/05/04 5:26 p.m. | 16 views

CVE-2023-30550 IDOR vulnerability exists in metersphere

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some...

6.8 CVSS | 4.9 AI score | 0.0067 EPSS
Exploits 1 | References 4

NVD
added 2023/03/09 6:15 p.m. | 10 views

CVE-2023-25814

metersphere is an open source continuous testing platform. In versions prior to 2.7.1 a user who has permission to create a resource file through UI operations is able to append a path to their submission query which will be read by the system and displayed to the user. This allows users of the...

7.1 CVSS | 6.8 AI score | 0.00858 EPSS
Exploits 1 | References 1

NVD
added 2023/03/09 5:15 p.m. | 9 views

CVE-2023-25573

metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This...

8.6 CVSS | 8.6 AI score | 0.49851 EPSS
Exploits 1 | References 1

Prion
added 2023/03/09 5:15 p.m. | 9 views

Improper access control

metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This...

5 CVSS | 7.5 AI score | 0.49851 EPSS
Exploits 1 | References 1 | Affected Software 1

CVE
added 2023/03/09 5:10 p.m. | 101 views

CVE-2023-25814

Vulnerability overview (CVE-2023-25814): metersphere prior to 2.7.1 allows a user with UI-created resource file permission to append a path to their submission query, which is then read and displayed by the system, enabling read access to arbitrary server filesystem files if the server process h...

7.1 CVSS | 6.5 AI score | 0.00858 EPSS
Exploits 1 | References 1 | Affected Software 1

CVE
added 2023/03/09 4:33 p.m. | 71 views

CVE-2023-25573

Metersphere contains an improper access control vulnerability: unauthenticated users can download arbitrary files via /api/jmeter/download/files, exposing sensitive data. Affected versions include those prior to the fixes, with remediation in versions 1.20.20 lts and 2.7.1. The issue stems from i...

8.6 CVSS | 7.7 AI score | 0.49851 EPSS
In wild | Exploits 1 | References 1 | Affected Software 1

CVE
added 2022/12/29 6:9 p.m. | 71 views

CVE-2022-46178

MeterSphere (open source continuous testing platform) contains a path traversal vulnerability in versions prior to 2.5.1 where uploaded files are not validated for the filename, allowing writing to arbitrary paths via FileUtils.createFile by bypassing name checks. The root cause is lack of filena...

8.8 CVSS | 8.1 AI score | 0.00717 EPSS
Exploits 1 | References 1 | Affected Software 1

NVD
added 2022/12/28 12:15 a.m. | 10 views

CVE-2022-23544

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in...

7.2 CVSS | 0.01607 EPSS
Exploits 1 | References 2

CVE
added 2022/12/14 1:9 p.m. | 59 views

CVE-2022-23512

MeterSphere (open source continuous testing platform) has a path injection vulnerability in ApiTestCaseService::deleteBodyFiles. The issue arises when a user-supplied string id is concatenated into the file path (BODY_FILE_DIR + "/" + testId) and later deleted via file.delete(), enabling manipula...

8.1 CVSS | 8 AI score | 0.00827 EPSS
Exploits 1 | References 1 | Affected Software 1

ThreatPost
added 2022/02/17 2:0 p.m. | 86 views

Kill Cloud Risk: Get Everybody to Stop Fighting Over App Security - Podcast

Brought to you by Uptycs. Underwriters of Threatpost podcasts do not assert any editorial control over content. Applications are cybercriminals’ favorite ways to crack open targeted organizations. Yet no single team or process can assure the rollout of safe cloud applications. From code design to...

8.7 AI score
Exploits 0 | References 6

CNVD
added 2022/01/10 12:0 a.m. | 15 views

Command Execution Vulnerability in Metersphere

MeterSphere is a one-stop open source continuous testing platform, covering test tracking, interface testing, performance testing, team collaboration and other functions, compatible with JMeter and other open source standards, effectively helping development and testing teams to make full use of...

7.5 AI score
Exploits 0