CVE-2023-37461

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 17, 2023

Updated: Jul 27, 2023

CWE ID 22

Summary

CVE-2023-37461 is a vulnerability affecting the Metersphere open-source testing framework. Maliciously crafted files uploaded to Metersphere can contain a `belongType` value with a relative path, such as `../../../../`, leading Metersphere to attempt to overwrite existing files or create new ones in unintended locations. The impact is limited to files that the metersphere process has access to. An upgrade to version 2.10.3 is recommended to address this issue, as there are currently no known workarounds.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Metersphere

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r5a0sM
https://www.cve.org/CVERecord?id=CVE-2023-37461
https://nvd.nist.gov/vuln/detail/CVE-2023-37461

Back to Vulnerability Database

CVE-2023-37461

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations