Horizontal privilege escalation vulnerability of resources in project scope.

Moderate
liqiang-fit2cloud published GHSA-rcp4-c5p2-58v9 Dec 28, 2023

Package

maven io.metersphere (Maven)

Affected versions

<v2.10.9-lts

Patched versions

v2.10.10-lts

Description

Summary

An authenticated user can read resources in project scope that do not belong to them if the resource ID is known.
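
The class of flaw in the summary, shown next to the check that closes it. This is an added illustration, not MeterSphere code: every class, method and identifier below is hypothetical and the data is constructed for the example.

```java
import java.util.Map;
import java.util.Set;

// Added illustration; all names are hypothetical, not MeterSphere classes.
public class ProjectScopeCheck {
    record Resource(String id, String projectId, String body) {}

    static class AccessDenied extends RuntimeException {
        AccessDenied(String msg) { super(msg); }
    }

    // Constructed sample data: two projects, one resource each.
    static final Map<String, Resource> RESOURCES = Map.of(
        "res-a1", new Resource("res-a1", "proj-a", "plan for project A"),
        "res-b1", new Resource("res-b1", "proj-b", "plan for project B"));
    static final Map<String, Set<String>> MEMBERSHIPS = Map.of(
        "alice", Set.of("proj-a"),
        "bob", Set.of("proj-b"));

    // Flawed pattern: the caller is authenticated, but the lookup never
    // asks whether the resource's project is one the caller belongs to.
    static Resource getUnchecked(String userId, String resourceId) {
        return RESOURCES.get(resourceId);
    }

    // Hardened pattern: take the owning project from the stored resource
    // (never from a request parameter) and require membership in it.
    static Resource getChecked(String userId, String resourceId) {
        Resource r = RESOURCES.get(resourceId);
        Set<String> projects = MEMBERSHIPS.getOrDefault(userId, Set.of());
        // Same error for "missing" and "not yours" so IDs cannot be probed.
        if (r == null || !projects.contains(r.projectId())) {
            throw new AccessDenied("resource not found");
        }
        return r;
    }

    public static void main(String[] args) {
        // alice is not a member of proj-b, yet the unchecked lookup returns its resource.
        System.out.println(getUnchecked("alice", "res-b1").body());
        System.out.println(getChecked("alice", "res-a1").body());
        try {
            getChecked("alice", "res-b1");
        } catch (AccessDenied e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

The membership test belongs in the service layer next to the lookup, so every endpoint that accepts a resource ID inherits it.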

Severity

Moderate, 4.3 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVE ID

CVE-2023-50267