Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IDOR vulnerability exists in metersphere
Vulnerability Description
MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some operating permissions. The issue has been fixed in version 2.9.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
MeterSphere 安全漏洞
Vulnerability Description
MeterSphere是MeterSphere开源的一站式开源持续测试平台。 MeterSphere 2.9.0 之前版本存在安全漏洞,该漏洞源于允许一个项目的管理员修改工作区下的其他项目。
CVSS Information
N/A
Vulnerability Type
N/A