Home > Vulnerability Database > CVE-2023-25814

Mend.io Vulnerability Database

CVE-2023-25814

Good to know:

Date: March 9, 2023

metersphere is an open source continuous testing platform. In versions prior to 2.7.1 a user who has permission to create a resource file through UI operations is able to append a path to their submission query which will be read by the system and displayed to the user. This allows a users of the system to read arbitrary files on the filesystem of the server so long as the server process itself has permission to read the requested files. This issue has been addressed in version 2.7.1. All users are advised to upgrade. There are no known workarounds for this issue.

Language: Java

Severity Score

7.1

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-25814

Url: https://github.com/metersphere/metersphere/security/advisories/GHSA-fwc3-5h55-mh2j

Url: https://www.mend.io/vulnerability-database/CVE-2023-25814

Severity Score

7.1

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version v2.7.1

Learn More

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-25814

Good to know:

Date: March 9, 2023

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?