Описание
MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue.
Ссылки
- Patch
- ExploitThird Party Advisory
- Patch
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.10.4 (исключая)
cpe:2.3:a:metersphere:metersphere:*:*:*:*:lts:*:*:*
EPSS
Процентиль: 18%
0.00056
Низкий
5.9 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-200
CWE-862
EPSS
Процентиль: 18%
0.00056
Низкий
5.9 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-200
CWE-862