CVE-2022-23544
Published 2022-12-28
Priority: P3 (38) · Severity: medium · CVSS 3.1 base score: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS (exploit probability): 1.61% (72.9th percentile)
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side Request Forgery in `IssueProxyResourceService::getMdImageByUrl` allows an attacker to access internal resources, and to execute JavaScript code in the context of MeterSphere's origin in the browser of a victim of the reflected XSS. This vulnerability has been fixed in v2.5.0. There are no known workarounds.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| metersphere | metersphere | < 2.5.0 | 2.5.0 |
No advisories linked to this vulnerability.
No detection rules found.
Nuclei template: CVE-2022-23544 [MEDIUM] MeterSphere < 2.5.0 SSRF (CVSS 6.1)
Template (info block as published; the request section is not shown on this page):

```yaml
id: CVE-2022-23544

info:
  name: MeterSphere < 2.5.0 SSRF
  author: j4vaovo
  severity: medium
  description: |
    MeterSphere is a one-stop open source continuous testing platform, covering test management,
    interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to
    a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side Request Forgery
    in IssueProxyResourceService::getMdImageByUrl allows an attacker to access internal resources,
    as well as executing JavaScript code in the context of MeterSphere's origin by a victim of a
    reflected XSS. This vulnerability has been fixed in v2.5.0. There are no known workarounds.
  reference:
    - https://github.com/metersphere/metersphere/commit/d0f95b50737c941b29d507a4cc3545f2dc6ab121
    - https://github.com/metersphere/metersphere/security/advisories/GHSA-vrv6-cg45-rmjj
```