CVE-2025-62604
- EPSS 0.05%
- Published 22.10.2025 15:03:40
- Last modified 28.10.2025 16:26:07
MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been pat...
CVE-2025-53639
- EPSS 0.06%
- Published 14.07.2025 20:15:29
- Last modified 11.09.2025 20:47:39
MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts, the sortField parameter in certain API endpoints is not properly validated or sanitized. An attacker can supply crafted input to inject and execute arbitrary SQL s...
CVE-2024-37161
- EPSS 0.44%
- Published 11.06.2024 15:16:09
- Last modified 04.09.2025 19:12:45
MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor has stored cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue.
CVE-2024-36118
- EPSS 0.25%
- Published 30.05.2024 17:15:34
- Last modified 06.03.2025 14:24:40
MeterSphere is a test management and interface testing tool. In affected versions, users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Use...
CVE-2024-32467
- EPSS 0.06%
- Published 25.04.2024 17:15:50
- Last modified 04.09.2025 14:48:12
MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue.
CVE-2023-50267
- EPSS 0.14%
- Published 28.12.2023 16:16:01
- Last modified 21.11.2024 08:36:47
MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, authenticated attackers can update resources which don't belong to them if the resource ID is known. This issue is fixed in 2.10.10-lts. There are no known w...
CVE-2023-41878
- EPSS 0.14%
- Published 27.09.2023 15:19:30
- Last modified 21.11.2024 08:21:50
MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in MeterSphere uses a weak password by default, attac...
CVE-2023-38494
- EPSS 0.06%
- Published 04.08.2023 16:15:10
- Last modified 21.11.2024 08:13:41
MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a ...
CVE-2023-37461
- EPSS 0.08%
- Published 17.07.2023 20:15:13
- Last modified 21.11.2024 08:11:45
MeterSphere is an open source testing framework. Files uploaded to MeterSphere may define a `belongType` value with a relative path like `../../../../` which may cause MeterSphere to attempt to overwrite an existing file in the defined location or to ...
CVE-2023-35937
- EPSS 0.04%
- Published 06.07.2023 14:15:10
- Last modified 21.11.2024 08:09:00
MeterSphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in MeterSphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project a...