Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Weak password of selenium VNC in MeterSphere
Vulnerability Description
MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, attackers can login to vnc and obtain high permissions. This issue has been addressed in version 2.10.7 LTS. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
MeterSphere 信任管理问题漏洞
Vulnerability Description
MeterSphere是MeterSphere开源的一站式开源持续测试平台。 MeterSphere 2.10.6 LTS及之前版本存在信任管理问题漏洞,该漏洞源于Selenium VNC默认使用弱密码,导致攻击者可以登录VNC并获得高权限。
CVSS Information
N/A
Vulnerability Type
N/A