SB2023031555 - Multiple vulnerabilities in MeterSphere

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Missing Authorization (CVE-ID: CVE-2023-25573)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to missing authorization at the "/api/jmeter/download/files" endpoint. A remote non-authenticated attacker can download arbitrary files from the system.

2) Path traversal (CVE-ID: CVE-2023-25814)

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.

3) Exposed dangerous method or function (CVE-ID: CVE-2023-29944)

The vulnerability allows a remote user to execute arbitrary OS commands on the system.

The vulnerability exists due to exposure of the system command reverse-shell at the custom code snippet function of the metersphere system workbench. A remote user can execute arbitrary OS commands on the system.

Remediation

Install update from vendor's website.

References

• https://github.com/metersphere/metersphere/security/advisories/GHSA-mcwr-j9vm-5g8h
• https://github.com/metersphere/metersphere/security/advisories/GHSA-fwc3-5h55-mh2j
• https://hacku.top/wl/?id=N67LxQL238Tsw9PDok5fy8tihEO0jI7L