CVE-2023-29944

Name of the Vulnerable Software and Affected Versions Metersphere version 1.20.20-lts-79d354a6

Description The issue allows for Remote Command Execution. An attacker can execute system commands, including reverse-shell, by exploiting the custom code snippet function in the Metersphere system workbench.

Recommendations For Metersphere version 1.20.20-lts-79d354a6, consider disabling the custom code snippet function in the system workbench as a temporary workaround until a patch is available. Restrict access to this function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.