Metersphere Security Vulnerabilities and Issues — Metersphere CVE List

Lucene search

MetersphereMetersphere

3 matches found

CVE•added 2023/05/08 1:15 a.m.•104 views

CVE-2023-29944

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench

9.8CVSS9.6AI score0.0488EPSS

CVE•added 2023/05/30 7:15 p.m.•38 views

CVE-2023-32699

MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. The checkUserPassword method is used to check whether the password provided by the user matches the password saved in the database, and the CodingUtil.md5 method is used to encry...

6.5CVSS6.4AI score0.00931EPSS

CVE•added 2023/05/04 6:15 p.m.•19 views

CVE-2023-30550

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some operat...

6.8CVSS4.8AI score0.00031EPSS