PT-2023-28136 · Selenium+1

Fit2-Zhao · Published 2023-09-26 · Updated 2023-09-30 · CVE-2023-41878

CVSS v3.1: 4.6 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions: MeterSphere versions prior to 2.10.7 LTS

Description: The issue concerns a weak default password in the Selenium VNC configuration of MeterSphere, which allows an attacker to log in to VNC and obtain high permissions.

Recommendations: For versions prior to 2.10.7 LTS, upgrade to version 2.10.7 LTS or later to resolve the issue. As a temporary workaround, change the default VNC password to a stronger one until the upgrade is possible.

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

CVE-2023-41878
GHSA-88VV-6RM4-59H9

Affected Products

MeterSphere
Selenium