CVE-2023-35937

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-35937
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-35937.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-35937
Aliases
  • GHSA-7xj3-qrx5-524r
Published
2023-07-06T13:50:10.673Z
Modified
2026-03-13T07:39:09.473761Z
Severity
  • 6.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L CVSS Calculator
Summary
Metersphere missing permission check
Details

Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can be updated as space administrators. Version 2.10.2 LTS has a patch for this issue.

Database specific 
{
    "cwe_ids": [
        "CWE-862"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/35xxx/CVE-2023-35937.json"
}
References

Affected packages

Git / github.com/metersphere/metersphere

Affected ranges

Type
GIT
Repo
https://github.com/metersphere/metersphere
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b028f4eab76060a5f2150e26726f5d6dbf4405c1

Affected versions

v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v1.1.1
v1.1.2
v1.2.0
v1.2.1
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.8.0
v1.8.1
v1.8.2
v2.*
v2.10.0-lts
v2.10.1-lts

Database specific

vanir_signatures 
[
    {
        "id": "CVE-2023-35937-860472db",
        "signature_type": "Line",
        "target": {
            "file": "api-test/backend/src/main/java/io/metersphere/service/RedisTemplateService.java"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "154778400305018438857211765998573398522",
                "304206475203206289799186668811307606517",
                "339551209434590319055073336901839692609",
                "262671753770604312796274054560474093682"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/metersphere/metersphere/commit/b028f4eab76060a5f2150e26726f5d6dbf4405c1"
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-35937.json"