CVE-2023-30550

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some operating permissions. The issue has been fixed in version 2.9.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
GitHub_MCNA
6.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
4.5 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
VendorProductVersion
meterspheremetersphere
𝑥
< 2.9.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/metersphere/metersphere/releases/tag/v2.9.0
https://github.com/metersphere/metersphere/security/advisories/GHSA-j5cq-cpw2-gp2q
https://github.com/metersphere/metersphere/releases/tag/v2.9.0
https://github.com/metersphere/metersphere/security/advisories/GHSA-j5cq-cpw2-gp2q