Vulnerability Description
MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some operating permissions. The issue has been fixed in version 2.9.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Metersphere | Metersphere | < 2.9.0 |
Related Weaknesses (CWE)
References
- https://github.com/metersphere/metersphere/releases/tag/v2.9.0Release Notes
- https://github.com/metersphere/metersphere/security/advisories/GHSA-j5cq-cpw2-gpExploitThird Party Advisory
- https://github.com/metersphere/metersphere/releases/tag/v2.9.0Release Notes
- https://github.com/metersphere/metersphere/security/advisories/GHSA-j5cq-cpw2-gpExploitThird Party Advisory
FAQ
What is CVE-2023-30550?
CVE-2023-30550 is a vulnerability with a CVSS score of 6.8 (MEDIUM). MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administ...
How severe is CVE-2023-30550?
CVE-2023-30550 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-30550?
Check the references section above for vendor advisories and patch information. Affected products include: Metersphere Metersphere.