9.8

CVE-2023-41878

EPSS 0.14%
Veröffentlicht 27.09.2023 15:19:30
Zuletzt bearbeitet 21.11.2024 08:21:50
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, attackers can login to vnc and obtain high permissions. This issue has been addressed in version 2.10.7 LTS. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Metersphere ≫ Metersphere SwEditionlts Version < 2.10.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.347

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	4.6	2.1	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://github.com/metersphere/installer/commit/02dd31c0951a225eaad99eda560e3eb91ba3001d

Patch

https://github.com/metersphere/metersphere/security/advisories/GHSA-88vv-6rm4-59h9

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-41878

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-41878

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-41878

EUVD