CVE-2023-41878

Source
https://cve.org/CVERecord?id=CVE-2023-41878
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41878.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-41878
Aliases
  • GHSA-88vv-6rm4-59h9
Published
2023-09-26T22:53:27.060Z
Modified
2026-02-14T00:59:45.011812Z
Severity
  • 4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Summary
Weak password for Selenium VNC in MeterSphere
Details

MeterSphere is a one-stop open source continuous testing platform covering test tracking, interface testing, UI testing and performance testing. The Selenium VNC configuration used in MeterSphere uses a weak password by default, so attackers can log in to VNC and obtain high permissions. This issue has been addressed in version 2.10.7 LTS. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific
{
    "cwe_ids": [
        "CWE-798"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/41xxx/CVE-2023-41878.json"
}
References

Affected packages

Git / github.com/metersphere/installer

Affected ranges

Type
GIT
Repo
https://github.com/metersphere/installer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v1.1.1
v1.1.2
v1.10.0
v1.10.0-lts
v1.10.1
v1.10.1-lts
v1.10.2
v1.10.2-lts
v1.10.3
v1.10.3-lts
v1.12.0
v1.12.1
v1.12.2
v1.15.0
v1.15.1
v1.15.2
v1.15.3
v1.15.4
v1.2.0
v1.2.1
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.9.0
v1.9.1
v1.9.2
v1.9.3
v2.*
v2.10.0-lts
v2.10.0-lts-arm64
v2.10.1-lts
v2.10.1-lts-arm64
v2.10.2-lts
v2.10.2-lts-arm64
v2.10.3-lts
v2.10.3-lts-arm64
v2.10.4-lts
v2.10.4-lts-arm64
v2.10.5-lts
v2.10.5-lts-arm64
v2.10.6-lts
v2.10.6-lts-arm64

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41878.json"