PT-2023-28136 · Selenium+1 · Selenium+1

Fit2-Zhao · Published 2023-09-26 · Updated 2023-09-30 · CVE-2023-41878

CVSS v3.1: 4.6 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

MeterSphere versions prior to 2.10.7 LTS

Description

The issue concerns a weak password used by default in the Selenium VNC config of MeterSphere, allowing attackers to log in to VNC and obtain high permissions.

Recommendations

For versions prior to 2.10.7 LTS, upgrade to version 2.10.7 LTS or later to resolve the issue. As a temporary workaround, consider changing the default VNC password to a stronger one until the upgrade is possible.

Exploit

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2023-41878
GHSA-88VV-6RM4-59H9

Affected Products

Metersphere
Selenium