CVE-2024-32467

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-32467
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32467.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-32467
Aliases
  • GHSA-7499-q88f-mxqp
Published
2024-04-25T16:56:26.071Z
Modified
2026-04-12T09:49:33.779390Z
Severity
  • 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L CVSS Calculator
Summary
Meteraphsere vulnerable to unauthorized viewing by workspace members
Details

MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue.

Database specific 
{
    "cwe_ids": [
        "CWE-200"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32467.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/metersphere/metersphere

Affected ranges

Type
GIT
Repo
https://github.com/metersphere/metersphere
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a7298117db072d563b730473a2c067bbb090af8c

Affected versions

v1.*
v1.0.0
v1.2.0
v2.*
v2.10.0-lts
v2.10.1-lts
v2.10.10-lts
v2.10.11-lts
v2.10.12-lts
v2.10.13-lts
v2.10.2-lts
v2.10.3-lts
v2.10.4-lts
v2.10.5-lts
v2.10.6-lts
v2.10.7-lts
v2.10.8-lts
v2.10.9-lts

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32467.json"
vanir_signatures_modified 
"2026-04-12T09:49:33Z"
vanir_signatures 
[
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "263585253501527564000566530732742302073",
                "176360177107278667391065650646382280219",
                "89682968799493253102233148373897585868",
                "222566482732282657203612917344517649471",
                "251674932685699610728484243004667845050",
                "68948657182014855106402587596879829707",
                "142862637975036514021956920311447287859"
            ]
        },
        "source": "https://github.com/metersphere/metersphere/commit/a7298117db072d563b730473a2c067bbb090af8c",
        "id": "CVE-2024-32467-112534f9",
        "signature_type": "Line",
        "target": {
            "file": "system-setting/backend/src/main/java/io/metersphere/controller/UserController.java"
        }
    }
]