CVE-2023-30550: Authorization Bypass Through User-Controlled Key

May 4, 2023 (updated May 10, 2023)

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some operating permissions. The issue has been fixed in version 2.9.0.

References

github.com/metersphere/metersphere/releases/tag/v2.9.0
github.com/metersphere/metersphere/security/advisories/GHSA-j5cq-cpw2-gp2q
nvd.nist.gov/vuln/detail/CVE-2023-30550

Detect and mitigate CVE-2023-30550 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →