PT-2023-26475 · Unknown · Metersphere

Hbdxmz

Publicado

2023-08-04

Atualizado

2023-08-08

CVE-2023-38494

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions MeterSphere versions prior to 2.10.4 LTS

Description MeterSphere is an open-source continuous testing platform. Some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers.

Recommendations For versions prior to 2.10.4 LTS, update to version 2.10.4 LTS to resolve the issue. As a temporary workaround, consider restricting access to sensitive interfaces until the patch is applied.

Exploit

Correção

Missing Authorization

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862CWE-200

Identificadores relacionados

CVE-2023-38494

GHSA-FJP5-95PV-5253

Produtos afetados

Metersphere

PT-2023-26475 · Unknown · Metersphere

CVE-2023-38494

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7