CVE-2024-32467 MEDIUM

CVE-2024-32467: Meteraphsere vulnerable to unauthorized viewing by workspace members

Vendor Metersphere

Product metersphere

Weakness CWE-200 · Info exposure

Published April 25, 2024

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

5.7/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue.

Key dates

02Disclosure timeline

April 25, 2024 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-32467

Related vulnerabilities

04Related CVE

CVE-2023-39974 Extension - acymailing.com - Exposure of Sensitive Information in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3 CVE-2024-7842 SourceCodester Online Graduate Tracer System export_it.php information disclosure CVE-2024-0242 Unauthorized access to settings in Qolsys IQ Panel 4 and IQ4 Hub CVE-2026-2128 Breeze Cache <= 2.5.2 - Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor via Crafted Login Cookie CVE-2024-1406 Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure