PT-2023-31520 · Unknown · Metersphere

Mrzbb · Published 2023-12-28 · Updated 2024-01-04 · CVE-2023-50267

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

MeterSphere versions prior to 2.10.10-lts

Description

MeterSphere is a one-stop open source continuous testing platform. The issue allows authenticated attackers to update resources that do not belong to them if the resource ID is known.

Recommendations

For versions prior to 2.10.10-lts, update to version 2.10.10-lts to resolve the issue. As a temporary workaround, consider restricting access to resource update functionality to minimize the risk of exploitation.

Exploit

Fix

IDOR

Improper Privilege Management

Weakness Enumeration

Related identifiers

CVE-2023-50267
GHSA-RCP4-C5P2-58V9

Affected products

Metersphere