Improper access control in MeterSphere - CVE-2024-36118

 


Published: May 30, 2024 / Updated: April 24, 2026


Vulnerability identifier: #VU127363
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-36118
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: MeterSphere
Affected software: MeterSphere

Detailed vulnerability description

The vulnerability allows a remote user to view unauthorized workspace test cases.

The vulnerability exists due to improper access control in the workspace functional test case view when handling direct URL access to test case pages. A remote privileged user can use a copied test case URL to view unauthorized workspace test cases.

User interaction is required to obtain and open the copied URL.


How to mitigate CVE-2024-36118

Install the security update from the vendor's website.
