CVE-2023-30550

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-30550

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-30550.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-30550

Aliases

GHSA-j5cq-cpw2-gp2q

Published

2023-05-04T17:26:13.218Z

Modified

2025-11-29T14:13:45.189401Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

IDOR vulnerability exists in metersphere

Details

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some operating permissions. The issue has been fixed in version 2.9.0.

Database specific

{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/30xxx/CVE-2023-30550.json",
    "cwe_ids": [
        "CWE-639"
    ]
}

References

Affected packages

Git / github.com/metersphere/metersphere

Affected ranges

Type: GIT
Repo: https://github.com/metersphere/metersphere
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

426de152a9b1830558183ccaf1c8a178bc1afd32

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.1.0

v1.1.1

v1.1.2

v1.2.0

v1.2.1

v1.3.0

v1.3.1

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.5.0

v1.5.1

v1.6.0

v1.6.1

v1.6.2

v1.7.0

v1.7.1

v1.7.2

v1.7.3

v1.8.0

v1.8.1

v1.8.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-30550.json"