CVE-2024-36118

MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Users of MeterSphere are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6
https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6

Configurations

No configuration.

History

21 Nov 2024, 09:21

Type	Values Removed	Values Added
Summary		(es) MeterSphere es una herramienta de prueba de interfaz y gestión de pruebas. En las versiones afectadas, los usuarios sin permisos en el espacio de trabajo pueden ver casos de prueba funcionales de otros espacios de trabajo más allá de su autoridad. Este problema se solucionó en la versión 2.10.15-lts. Se recomienda a los usuarios de MeterSphere que actualicen. No se conocen workarounds para esta vulnerabilidad.
References	~~() https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6 -~~	() https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6 -

30 May 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-30 17:15

Updated : 2024-11-21 09:21

NVD link : CVE-2024-36118

Mitre link : CVE-2024-36118

CVE.ORG link : CVE-2024-36118

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

3.5 /10