CVE-2021-45789

Name of the Vulnerable Software and Affected Versions: Metersphere version 1.15.4

Description: An arbitrary file read issue was found, allowing authenticated users to read any file on the server via the file download function.

Recommendations: For Metersphere version 1.15.4, consider restricting access to the file download function until a patch is available. As a temporary workaround, limit the files that can be downloaded through this function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.