CVE-2023-50267

Summary

MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, the authenticated attackers can update resources which don't belong to him if the resource ID is known. This issue if fixed in 2.10.10-lts. There are no known workarounds.

Affected Software

VendorProductVersion RangeStatus
meterspheremetersphere< 2.10.10-ltsaffected

Weaknesses

  • CWE-269: CWE-269: Improper Privilege Management
  • CWE-639: CWE-639: Authorization Bypass Through User-Controlled Key

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References