CVE-2022-23512 - Vulnerability Details - OpenCVE

MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value (testId) in new File(BODY_FILE_DIR + "/" + testId), being deleted later by file.delete(). By adding some camouflage parameters to the url, an attacker can target files on the server. The vulnerability has been fixed in v2.4.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00158.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Metersphere	Metersphere

Configuration 1 [-]

cpe:2.3:a:metersphere:metersphere:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-28553	MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value (testId) in new File(BODY_FILE_DIR + "/" + testId), being deleted later by file.delete(). By adding some camouflage parameters to the url, an attacker can target files on the server. The vulnerability has been fixed in v2.4.1.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27

History

Mon, 21 Apr 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-12-14T13:09:36.800Z

Updated: 2025-04-21T19:20:37.099Z

Reserved: 2022-01-19T21:23:53.776Z

Link: CVE-2022-23512

Vulnrichment

Updated: 2024-08-03T03:43:46.468Z

NVD

Status : Modified

Published: 2022-12-14T14:15:10.370

Modified: 2024-11-21T06:48:43.150

Link: CVE-2022-23512

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-23512", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", "dateReserved": "2022-01-19T21:23:53.776Z", "datePublished": "2022-12-14T13:09:36.800Z", "dateUpdated": "2025-04-21T19:20:37.099Z"}, "containers": {"cna": {"title": "Metersphere is vulnerable to Path Injection.", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27"}], "affected": [{"vendor": "metersphere", "product": "metersphere", "versions": [{"version": "< 2.4.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-12-14T13:09:36.800Z"}, "descriptions": [{"lang": "en", "value": "MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value (testId) in new File(BODY_FILE_DIR + \"/\" + testId), being deleted later by file.delete(). By adding some camouflage parameters to the url, an attacker can target files on the server. The vulnerability has been fixed in v2.4.1."}], "source": {"advisory": "GHSA-5mwp-xw7p-5j27", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:43:46.468Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-21T19:20:22.193717Z", "id": "CVE-2022-23512", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T19:20:37.099Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-23512", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", "dateReserved": "2022-01-19T21:23:53.776Z", "datePublished": "2022-12-14T13:09:36.800Z", "dateUpdated": "2025-04-21T19:20:37.099Z"}, "containers": {"cna": {"title": "Metersphere is vulnerable to Path Injection.", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27"}], "affected": [{"vendor": "metersphere", "product": "metersphere", "versions": [{"version": "< 2.4.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-12-14T13:09:36.800Z"}, "descriptions": [{"lang": "en", "value": "MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value (testId) in new File(BODY_FILE_DIR + \"/\" + testId), being deleted later by file.delete(). By adding some camouflage parameters to the url, an attacker can target files on the server. The vulnerability has been fixed in v2.4.1."}], "source": {"advisory": "GHSA-5mwp-xw7p-5j27", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:43:46.468Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-23512", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-21T19:20:22.193717Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T19:20:32.467Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:metersphere:metersphere:*:*:*:*:*:*:*:*", "matchCriteriaId": "C19D8003-ED8C-4687-A535-8CEB7F72DE96", "versionEndExcluding": "2.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value (testId) in new File(BODY_FILE_DIR + \"/\" + testId), being deleted later by file.delete(). By adding some camouflage parameters to the url, an attacker can target files on the server. The vulnerability has been fixed in v2.4.1."}, {"lang": "es", "value": "MeterSphere es una plataforma integral de pruebas continuas de c\u00f3digo abierto. Las versiones anteriores a la 2.4.1 son vulnerables a la inyecci\u00f3n de ruta en ApiTestCaseService::deleteBodyFiles, que toma una identificaci\u00f3n de cadena controlada por el usuario y la pasa a ApiTestCaseService, que usa el valor proporcionado por el usuario (testId) en un nuevo archivo (BODY_FILE_DIR + \"/\" + testId), siendo eliminado posteriormente por file.delete(). Al agregar algunos par\u00e1metros de camuflaje a la URL, un atacante puede apuntar a archivos en el servidor. La vulnerabilidad se ha solucionado en v2.4.1."}], "id": "CVE-2022-23512", "lastModified": "2024-11-21T06:48:43.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-14T14:15:10.370", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}