CVE-2024-32467 - Vulnerability Details - OpenCVE

MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00044.

Key SSVC decision points have not yet been added.

Vendors	Products
Metersphere	Metersphere

Configuration 1 [-]

cpe:2.3:a:metersphere:metersphere:*:*:*:*:lts:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Metersphere	Metersphere

References

Link	Providers
https://github.com/metersphere/metersphere/security/advisories/GHSA-7499-q88f-mxqp

History

Thu, 04 Sep 2025 15:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:metersphere:metersphere:::::lts:::*

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-04-25T16:56:26.071Z

Updated: 2024-08-02T02:13:39.297Z

Reserved: 2024-04-12T19:41:51.166Z

Link: CVE-2024-32467

Vulnrichment

Updated: 2024-08-02T02:13:39.297Z

NVD

Status : Analyzed

Published: 2024-04-25T17:15:50.080

Modified: 2025-09-04T14:48:12.617

Link: CVE-2024-32467

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-12T16:01:37Z

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32467", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-04-12T19:41:51.166Z", "datePublished": "2024-04-25T16:56:26.071Z", "dateUpdated": "2024-08-02T02:13:39.297Z"}, "containers": {"cna": {"title": "Meteraphsere vulnerable to unauthorized viewing by workspace members", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/metersphere/metersphere/security/advisories/GHSA-7499-q88f-mxqp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-7499-q88f-mxqp"}], "affected": [{"vendor": "metersphere", "product": "metersphere", "versions": [{"version": "< 2.10.14-lts", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-25T16:56:26.071Z"}, "descriptions": [{"lang": "en", "value": "MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue."}], "source": {"advisory": "GHSA-7499-q88f-mxqp", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32467", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-25T19:21:49.955924Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:metersphere:metersphere:-:*:*:*:*:*:*:*"], "vendor": "metersphere", "product": "metersphere", "versions": [{"status": "affected", "version": "-", "lessThan": "2.10.14", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:49:44.304Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:13:39.297Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/metersphere/metersphere/security/advisories/GHSA-7499-q88f-mxqp", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-7499-q88f-mxqp"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-7499-q88f-mxqp", "name": "https://github.com/metersphere/metersphere/security/advisories/GHSA-7499-q88f-mxqp", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:13:39.297Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32467", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-25T19:21:49.955924Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:metersphere:metersphere:-:*:*:*:*:*:*:*"], "vendor": "metersphere", "product": "metersphere", "versions": [{"status": "affected", "version": "-", "lessThan": "2.10.14", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-25T19:22:20.248Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Meteraphsere vulnerable to unauthorized viewing by workspace members", "source": {"advisory": "GHSA-7499-q88f-mxqp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "metersphere", "product": "metersphere", "versions": [{"status": "affected", "version": "< 2.10.14-lts"}]}], "references": [{"url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-7499-q88f-mxqp", "name": "https://github.com/metersphere/metersphere/security/advisories/GHSA-7499-q88f-mxqp", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-25T16:56:26.071Z"}}}, "cveMetadata": {"cveId": "CVE-2024-32467", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:13:39.297Z", "dateReserved": "2024-04-12T19:41:51.166Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-04-25T16:56:26.071Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:metersphere:metersphere:*:*:*:*:lts:*:*:*", "matchCriteriaId": "BE8FEA65-8E27-459B-B915-2418ACC64893", "versionEndExcluding": "2.10.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue."}, {"lang": "es", "value": "MeterSphere es una plataforma de pruebas continuas de c\u00f3digo abierto. Antes de la versi\u00f3n 2.10.14-lts, los miembros sin permisos de espacio pod\u00edan ver la informaci\u00f3n de los miembros desde otros espacios de trabajo fuera de su autoridad. La versi\u00f3n 2.10.14-lts soluciona este problema."}], "id": "CVE-2024-32467", "lastModified": "2025-09-04T14:48:12.617", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-25T17:15:50.080", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-7499-q88f-mxqp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-7499-q88f-mxqp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}