CVE-2021-45790

Name of the Vulnerable Software and Affected Versions: Metersphere version 1.15.4

Description: An arbitrary file upload issue was discovered, allowing unauthenticated users to upload files to any directory. This could enable attackers to write a cron job for command execution.

Recommendations: For Metersphere version 1.15.4, consider restricting file upload capabilities to authenticated users only, and limit the directories where files can be uploaded to prevent arbitrary file writing. As a temporary workaround, monitor cron jobs closely for suspicious activity and restrict access to sensitive directories until a patch is available.