Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary File Read Vulnerability in metersphere
Vulnerability Description
metersphere is an open source continuous testing platform. In versions prior to 2.7.1 a user who has permission to create a resource file through UI operations is able to append a path to their submission query which will be read by the system and displayed to the user. This allows a users of the system to read arbitrary files on the filesystem of the server so long as the server process itself has permission to read the requested files. This issue has been addressed in version 2.7.1. All users are advised to upgrade. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
MeterSphere 路径遍历漏洞
Vulnerability Description
MeterSphere是MeterSphere开源的一站式开源持续测试平台。 MeterSphere 2.7.1之前版本存在路径遍历漏洞,该漏洞源于用户通过在UI 操作创建资源文件的过程中将路径附加到提交查询中,该路径将会被系统读取并显示给用户, 攻击者利用该漏洞可以读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A