CVE-2023-35937

Name of the Vulnerable Software and Affected Versions Metersphere versions prior to 2.10.2 LTS

Description Metersphere is an open source continuous testing platform. In the affected versions, some key APIs lack permission checks, allowing ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can be updated as space administrators.

Recommendations For versions prior to 2.10.2 LTS, update to version 2.10.2 LTS to resolve the issue. As a temporary workaround, consider restricting access to key APIs to minimize the risk of exploitation.