CVE-2024-36118

{"id": "CVE-2024-36118", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 0.9}]}, "published": "2024-05-30T17:15:34.363", "references": [{"url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Users of MeterSphere are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "MeterSphere es una herramienta de prueba de interfaz y gesti\u00f3n de pruebas. En las versiones afectadas, los usuarios sin permisos en el espacio de trabajo pueden ver casos de prueba funcionales de otros espacios de trabajo m\u00e1s all\u00e1 de su autoridad. Este problema se solucion\u00f3 en la versi\u00f3n 2.10.15-lts. Se recomienda a los usuarios de MeterSphere que actualicen. No se conocen workarounds para esta vulnerabilidad."}], "lastModified": "2024-05-30T18:18:58.870", "sourceIdentifier": "security-advisories@github.com"}