exploitDog

CVE-2024-36118

Опубликовано: 30 мая 2024

Источник: nvd

CVSS3: 3.5

CVSS3: 4.3

EPSS Низкий

Описание

MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Users of MeterSphere are advised to upgrade. There are no known workarounds for this vulnerability.

Ссылки

https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6
Vendor Advisory
https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:metersphere:metersphere:*:*:*:*:lts:*:*:*

Версия до 2.10.15 (исключая)

EPSS

Процентиль: 48%

0.0025

Низкий

3.5 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo

EPSS

Процентиль: 48%

0.0025

Низкий

3.5 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo