Vulnerability Description
MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value (testId) in new File(BODY_FILE_DIR + "/" + testId), being deleted later by file.delete(). By adding some camouflage parameters to the url, an attacker can target files on the server. The vulnerability has been fixed in v2.4.1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Metersphere | Metersphere | < 2.4.1 |
Related Weaknesses (CWE)
References
- https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5jExploitPatchThird Party Advisory
- https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5jExploitPatchThird Party Advisory
FAQ
What is CVE-2022-23512?
CVE-2022-23512 is a vulnerability with a CVSS score of 7.7 (HIGH). MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string ...
How severe is CVE-2022-23512?
CVE-2022-23512 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23512?
Check the references section above for vendor advisories and patch information. Affected products include: Metersphere Metersphere.