daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2023-25573.yaml

patch-1
Ritik Chaddha 2023-09-14 23:02:41 +05:30 committed by GitHub
parent 9e2b1fa698
commit 67bf15b8cb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
http/cves/2023/CVE-2023-25573.yaml
View File

@ -5,7 +5,7 @@ info:
author: DhiyaneshDK
severity: high
description: |
metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1
Metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1
remediation: Users are advised to upgrade. There are no known workarounds for this vulnerability.
reference:
- https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Metersphere%20file%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2023-25573.md
@ -20,11 +20,11 @@ info:
epss-percentile: 0.34763
cpe: cpe:2.3:a:metersphere:metersphere:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
verified: true
fofa-query: body="Metersphere"
vendor: metersphere
product: metersphere
fofa-query: body="Metersphere"
tags: cve,cve2023,metersphere,lfi
variables: