CVE-2024-36118

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-36118

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36118.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-36118

Aliases

GHSA-qxx2-p3w2-w4r6

Published

2024-05-30T16:51:19.236Z

Modified

2026-03-13T07:55:41.408564Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Unauthorized viewing of workspace test cases in MeterSphere

Details

MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Users of MeterSphere are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific

{
    "cwe_ids": [
        "CWE-200"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36118.json"
}

References

Affected packages

Git / github.com/metersphere/metersphere

Affected ranges

Type: GIT
Repo: https://github.com/metersphere/metersphere
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1e4e1f7bbec459b5cd9d31d9fa6c9e06e9339940

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.1.0

v1.1.1

v1.1.2

v1.2.0

v1.2.1

v1.3.0

v1.3.1

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.5.0

v1.5.1

v1.6.0

v1.6.1

v1.6.2

v1.7.0

v1.7.1

v1.7.2

v1.7.3

v1.8.0

v1.8.1

v1.8.2

v2.*

v2.10.0-lts

v2.10.1-lts

v2.10.10-lts

v2.10.11-lts

v2.10.12-lts

v2.10.13-lts

v2.10.14-lts

v2.10.2-lts

v2.10.3-lts

v2.10.4-lts

v2.10.5-lts

v2.10.6-lts

v2.10.7-lts

v2.10.8-lts

v2.10.9-lts

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "target": {
            "file": "test-track/backend/src/main/java/io/metersphere/controller/IssuesController.java"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "85815670395181125770669646379836153828",
                "209233138732905092424680403748202527317",
                "260865919006453220708203443353642449032",
                "148334357639449620821282472786549735759",
                "129564723561641232813984811142633726984",
                "55595661252912310970259340531392094775",
                "290713239952424255699898441977273760902",
                "139628608664975038668776885278927546164",
                "237603362694974431155926873286215865407"
            ]
        },
        "source": "https://github.com/metersphere/metersphere/commit/1e4e1f7bbec459b5cd9d31d9fa6c9e06e9339940",
        "signature_type": "Line",
        "id": "CVE-2024-36118-15149c0c",
        "deprecated": false
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36118.json"