CVE-2021-45789

EUVD-2021-32507
An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
meterspheremetersphere
1.15.4
𝑥
= Vulnerable software versions
References
https://github.com/metersphere/metersphere/issues/8652
https://github.com/metersphere/metersphere/issues/8652