Metersphere

21 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 1.16%
  • Published 30.05.2023 19:15:10
  • Last modified 21.11.2024 08:03:52

MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. The `checkUserPassword` method is used to check whether the password provided by the user matches the password saved in the datab...

Exploit
  • EPSS 6.44%
  • Published 08.05.2023 01:15:08
  • Last modified 29.01.2025 19:15:16

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench.

Exploit
  • EPSS 0.05%
  • Published 04.05.2023 18:15:10
  • Last modified 29.01.2025 17:15:25

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under ...

Exploit
  • EPSS 0.1%
  • Published 09.03.2023 18:15:09
  • Last modified 21.11.2024 07:50:15

MeterSphere is an open source continuous testing platform. In versions prior to 2.7.1 a user who has permission to create a resource file through UI operations is able to append a path to their submission query which will be read by the system and di...

Exploit
  • EPSS 93.46%
  • Published 09.03.2023 17:15:10
  • Last modified 21.11.2024 07:49:45

MeterSphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose ...

Exploit
  • EPSS 0.58%
  • Published 29.12.2022 19:15:08
  • Last modified 21.11.2024 07:30:16

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lea...

Exploit
  • EPSS 23.57%
  • Published 28.12.2022 00:15:13
  • Last modified 21.11.2024 06:48:47

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scriptin...

Exploit
  • EPSS 0.37%
  • Published 14.12.2022 14:15:10
  • Last modified 21.11.2024 06:48:43

MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses...

Exploit
  • EPSS 13.39%
  • Published 29.09.2022 03:15:14
  • Last modified 21.11.2024 06:33:02

Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter.

Exploit
  • EPSS 32.37%
  • Published 29.09.2022 03:15:14
  • Last modified 21.11.2024 06:33:03

An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to an arbitrary directory, where attackers can write a cron job to execute commands.