CVE-2024-36118

MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Users of MeterSphere are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6	Vendor Advisory
https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:metersphere:metersphere:*:*:*:*:lts:*:*:*

History

No history.

Information

Published : 2024-05-30 17:15

Updated : 2025-03-06 17:45

NVD link : CVE-2024-36118

Mitre link : CVE-2024-36118

CVE.ORG link : CVE-2024-36118

JSON object : View

Products Affected

metersphere

metersphere

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

{"id": "CVE-2024-36118", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-05-30T17:15:34.363", "references": [{"url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Users of MeterSphere are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "MeterSphere es una herramienta de prueba de interfaz y gesti\u00f3n de pruebas. En las versiones afectadas, los usuarios sin permisos en el espacio de trabajo pueden ver casos de prueba funcionales de otros espacios de trabajo m\u00e1s all\u00e1 de su autoridad. Este problema se solucion\u00f3 en la versi\u00f3n 2.10.15-lts. Se recomienda a los usuarios de MeterSphere que actualicen. No se conocen workarounds para esta vulnerabilidad."}], "lastModified": "2025-03-06T17:45:22.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:metersphere:metersphere:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "32246230-40DC-407E-9151-F46569650A78", "versionEndExcluding": "2.10.15"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}