CVE-2023-38494

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-38494
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38494.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-38494
Related
  • GHSA-fjp5-95pv-5253
Published
2023-08-04T16:15:10Z
Modified
2025-01-15T04:56:36.423817Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue.

References

Affected packages

Git / github.com/metersphere/metersphere

Affected ranges

Type
GIT
Repo
https://github.com/metersphere/metersphere
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v1.1.1
v1.1.2
v1.2.0
v1.2.1
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.8.0
v1.8.1
v1.8.2

v2.*

v2.10.0-lts
v2.10.1-lts
v2.10.2-lts
v2.10.3-lts