{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36118", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-05-20T21:07:48.189Z", "datePublished": "2024-05-30T16:51:19.236Z", "dateUpdated": "2024-08-02T03:30:12.897Z"}, "containers": {"cna": {"title": "Unauthorized viewing of workspace test cases in MeterSphere", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6"}], "affected": [{"vendor": "metersphere", "product": "metersphere", "versions": [{"version": "<= 2.10.14-lts", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-30T16:51:19.236Z"}, "descriptions": [{"lang": "en", "value": "MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Users of MeterSphere are advised to upgrade. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-qxx2-p3w2-w4r6", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36118", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-31T16:07:31.735732Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:metersphere:metersphere:*:*:*:*:*:*:*:*"], "vendor": "metersphere", "product": "metersphere", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.10.14-lts"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:47:54.479Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:12.897Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6"}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36118", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-05-20T21:07:48.189Z", "datePublished": "2024-05-30T16:51:19.236Z", "dateUpdated": "2024-06-04T17:47:54.479Z"}, "containers": {"cna": {"title": "Unauthorized viewing of workspace test cases in MeterSphere", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6"}], "affected": [{"vendor": "metersphere", "product": "metersphere", "versions": [{"version": "<= 2.10.14-lts", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-30T16:51:19.236Z"}, "descriptions": [{"lang": "en", "value": "MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Users of MeterSphere are advised to upgrade. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-qxx2-p3w2-w4r6", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36118", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-31T16:07:31.735732Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:metersphere:metersphere:*:*:*:*:*:*:*:*"], "vendor": "metersphere", "product": "metersphere", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.10.14-lts"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-31T16:12:15.775Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"descriptions": [{"lang": "en", "value": "MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Users of MeterSphere are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "MeterSphere es una herramienta de prueba de interfaz y gesti\u00f3n de pruebas. En las versiones afectadas, los usuarios sin permisos en el espacio de trabajo pueden ver casos de prueba funcionales de otros espacios de trabajo m\u00e1s all\u00e1 de su autoridad. Este problema se solucion\u00f3 en la versi\u00f3n 2.10.15-lts. Se recomienda a los usuarios de MeterSphere que actualicen. No se conocen workarounds para esta vulnerabilidad."}], "id": "CVE-2024-36118", "lastModified": "2024-11-21T09:21:39.527", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-05-30T17:15:34.363", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}