CVE-2023-38494

Source
https://cve.org/CVERecord?id=CVE-2023-38494
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38494.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-38494
Aliases
  • GHSA-fjp5-95pv-5253
Published
2023-08-04T15:44:44.645Z
Modified
2026-04-10T04:59:05.167558Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H CVSS Calculator
Summary
The cloud version of the MeterSphere interface leaks some sensitive data without authentication
Details

MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue.

Database specific
{
    "cwe_ids": [
        "CWE-200"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/38xxx/CVE-2023-38494.json"
}
References

Affected packages

Git / github.com/metersphere/metersphere

Affected ranges

Type
GIT
Repo
https://github.com/metersphere/metersphere
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*
v1.0.0
v1.2.0
v2.*
v2.10.0-lts
v2.10.1-lts
v2.10.2-lts
v2.10.3-lts

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38494.json"