漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
MeterSphere logic flaw allows retrieval of arbitrary user information
Vulnerability Description
MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
MeterSphere 信息泄露漏洞
Vulnerability Description
MeterSphere是MeterSphere开源的一站式开源持续测试平台。 MeterSphere 2.10.25-lts之前版本存在信息泄露漏洞,该漏洞源于逻辑缺陷,可能导致任意用户信息泄露和未经验证的攻击者登录系统。
CVSS Information
N/A
Vulnerability Type
N/A