Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MeterSphere logic flaw allows retrieval of arbitrary user information
Vulnerability Description
MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
MeterSphere 信息泄露漏洞
Vulnerability Description
MeterSphere是MeterSphere开源的一站式开源持续测试平台。 MeterSphere 2.10.25-lts之前版本存在信息泄露漏洞,该漏洞源于逻辑缺陷,可能导致任意用户信息泄露和未经验证的攻击者登录系统。
CVSS Information
N/A
Vulnerability Type
N/A