PT-2023-31520 · Unknown · Metersphere

Mrzbb · Published 2023-12-28 · Updated 2024-01-04 · CVE-2023-50267

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

MeterSphere versions prior to 2.10.10-lts

Description

MeterSphere is a one-stop open source continuous testing platform. The issue allows authenticated attackers to update resources that do not belong to them if the resource ID is known.

Recommendations

For versions prior to 2.10.10-lts, update to version 2.10.10-lts to resolve the issue. As a temporary workaround, consider restricting access to resource update functionality to minimize the risk of exploitation.

Exploit

Fix

IDOR

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2023-50267
GHSA-RCP4-C5P2-58V9

Affected Products

Metersphere