CVE-2023-38494 MEDIUM

CVE-2023-38494: The cloud version of the MeterSphere interface leaks some sensitive data without authentication

Vendor Metersphere
Product metersphere
Weakness CWE-200 · Info exposure
Published August 4, 2023
Last update October 8, 2024

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H

What the vulnerability does

01 Description

MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere have no permissions configured, so attackers can use them to leak sensitive information. Version 2.10.4 LTS contains a patch for this issue.

Key dates

02 Disclosure timeline

August 4, 2023 CVE published
October 8, 2024 Record updated