CVE-2023-30550

Exploit

EPSS 0.05%
Veröffentlicht 04.05.2023 18:15:10
Zuletzt bearbeitet 29.01.2025 17:15:25
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some operating permissions. The issue has been fixed in version 2.9.0.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Metersphere ≫ Metersphere Version < 2.9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.139

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.5	0.9	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.5	0.9	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
security-advisories@github.com	6.8	0.9	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://github.com/metersphere/metersphere/releases/tag/v2.9.0

Release Notes

https://github.com/metersphere/metersphere/security/advisories/GHSA-j5cq-cpw2-gp2q

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-30550

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-30550

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-30550

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-30550