PT-2022-16065 · Unknown · MeterSphere

Jorgectf · Published 2022-12-27 · Updated 2023-01-05 · CVE-2022-23544

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: MeterSphere versions prior to 2.5.0
Description: MeterSphere is a one-stop open-source continuous testing platform covering test management, interface testing, UI testing and performance testing. A server-side request forgery in IssueProxyResourceService::getMdImageByUrl lets an unauthenticated attacker make the server fetch attacker-chosen URLs and thereby reach internal resources. The same endpoint is also a reflected cross-site scripting vector: a victim who opens a crafted link has attacker-controlled JavaScript executed in the context of MeterSphere's origin.
Recommendations: Update to version 2.5.0, which resolves the issue. As a temporary workaround until the update is applied, consider disabling IssueProxyResourceService::getMdImageByUrl.
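The two defects the description names, an unrestricted server-side fetch and the fetched body being reflected into MeterSphere's origin, are the two places an image proxy has to be hardened. The block below is an added example for this advisory, not MeterSphere's code and not its 2.5.0 fix: it shows the vulnerable response pattern beside a hardened one, with URL validation that rejects non-http(s) schemes, URLs carrying credentials, and any host that resolves to a loopback, private, link-local (cloud metadata), multicast or reserved address, including IPv4-mapped IPv6 literals. The function names, the DEMO_RESOLVER table and every host and address in it are constructed for the illustration.

```python
import ipaddress
import socket
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed allowlist: magic bytes -> the only MIME types the proxy will serve.
IMAGE_SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}
MAX_IMAGE_BYTES = 5 * 1024 * 1024  # constructed size cap for the demo


def default_resolver(host: str) -> List[str]:
    """Real DNS: every address the host currently maps to (not used by the offline demo)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(addr: str) -> bool:
    """True only for routable public addresses. Blocks loopback, RFC 1918,
    link-local (incl. 169.254.169.254 metadata), multicast, reserved, unspecified."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is really 10.0.0.1
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_image_url(url: str,
                       resolver: Callable[[str], List[str]] = default_resolver
                       ) -> Tuple[bool, str]:
    """Return (ok, reason). Only http(s), no credentials, and every resolved
    address must be public: one internal address among several is a rejection."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme %r not allowed" % parts.scheme
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    try:
        addrs = resolver(parts.hostname)
    except (OSError, KeyError) as exc:
        return False, "resolution failed: %r" % (exc,)
    if not addrs:
        return False, "host did not resolve"
    for addr in addrs:
        if not is_public_address(addr):
            return False, "%s resolves to non-public address %s" % (parts.hostname, addr)
    return True, "ok"


def vulnerable_response(body: bytes, upstream_content_type: str) -> Tuple[int, Dict[str, str], bytes]:
    """The pattern to avoid: echo whatever the remote server returned under its own
    Content-Type. A fetched text/html body then renders in the proxy's origin (reflected XSS)."""
    return 200, {"Content-Type": upstream_content_type}, body


def sniff_image_type(body: bytes) -> Optional[str]:
    for signature, mime in IMAGE_SIGNATURES.items():
        if body.startswith(signature):
            return mime
    return None


def hardened_response(body: bytes) -> Tuple[int, Dict[str, str], bytes]:
    """Serve only bytes that start like a recognised raster image, under a server-chosen
    Content-Type with nosniff, so fetched HTML/SVG/JS can never execute in our origin."""
    if len(body) > MAX_IMAGE_BYTES:
        return 413, {"Content-Type": "text/plain"}, b"image too large"
    mime = sniff_image_type(body)
    if mime is None:
        return 415, {"Content-Type": "text/plain"}, b"not a supported image"
    headers = {"Content-Type": mime,
               "X-Content-Type-Options": "nosniff",
               "Content-Disposition": 'inline; filename="image"'}
    return 200, headers, body


def make_fake_resolver(table: Dict[str, List[str]]) -> Callable[[str], List[str]]:
    """Offline resolver for the demo: IP literals resolve to themselves, names via table."""
    def resolve(host: str) -> List[str]:
        try:
            ipaddress.ip_address(host)
            return [host]
        except ValueError:
            return table[host]
    return resolve


# Constructed DNS table for the offline demo; hosts and addresses are illustrative.
DEMO_RESOLVER = make_fake_resolver({
    "img.example": ["93.184.216.34"],
    "intranet.example": ["10.0.0.5"],
    "rebind.example": ["93.184.216.34", "127.0.0.1"],
})

if __name__ == "__main__":
    for u in ("https://img.example/logo.png", "http://127.0.0.1:8081/x.png",
              "file:///etc/passwd", "http://169.254.169.254/latest/meta-data/",
              "http://intranet.example/logo.png", "http://[::ffff:10.0.0.1]/x.png"):
        print(u, "->", validate_image_url(u, DEMO_RESOLVER))
    html = b"<script>alert(document.domain)</script>"
    print("vulnerable:", vulnerable_response(html, "text/html")[1])
    print("hardened:", hardened_response(html)[:2])
```

Two caveats a reviewer would add. Validating the URL and then fetching it is a time-of-check/time-of-use gap (DNS rebinding), so the HTTP client should connect to the address that was vetted, and re-run the check on every redirect hop rather than following redirects blindly. And the server-chosen Content-Type plus nosniff is what closes the XSS half of the issue: once the response can only ever be an image, an attacker who still finds an SSRF can no longer turn it into script execution in MeterSphere's origin.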

SSRF

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-23544
GHSA-VRV6-CG45-RMJJ

Affected Products

MeterSphere