CVE-2022-46178 — HIGH (7.4)

Q: How severe is CVE-2022-46178?

CVE-2022-46178 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-46178?

Check the references section above for vendor advisories and patch information. Affected products include: Metersphere Metersphere.

Vulnerability Description

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path. The vulnerability has been fixed in v2.5.1. There are no workarounds.

CVSS Score

7.4

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Metersphere	Metersphere	< 2.5.1

Related Weaknesses (CWE)

CWE-22

References

https://github.com/metersphere/metersphere/security/advisories/GHSA-9p62-x3c5-hrExploitPatchThird Party Advisory
https://github.com/metersphere/metersphere/security/advisories/GHSA-9p62-x3c5-hrExploitPatchThird Party Advisory

FAQ

What is CVE-2022-46178?

CVE-2022-46178 is a vulnerability with a CVSS score of 7.4 (HIGH). MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file...

How severe is CVE-2022-46178?

CVE-2022-46178 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-46178?

Check the references section above for vendor advisories and patch information. Affected products include: Metersphere Metersphere.