Improper access control in MeterSphere - CVE-2024-36118

 


Published: May 30, 2024 / Updated: April 24, 2026


Vulnerability identifier: #VU127363
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-36118
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
MeterSphere
Software vendor:
MeterSphere

Description

The vulnerability allows a remote user to view test cases from a workspace they are not authorized to access.

The vulnerability exists due to improper access control in the workspace functional test case view when handling direct URL access to test case pages. A remote privileged user can use a copied test case URL to view test cases from a workspace they are not authorized to access.

User interaction is required to obtain and open the copied URL.


Remediation

Install the security update from the vendor's website.

External links