CVE-2021-45789: Arbitrary File Read in Metersphere

September 29, 2022 (updated September 30, 2022)

An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function.

References

github.com/metersphere/metersphere/issues/8652
nvd.nist.gov/vuln/detail/CVE-2021-45789

Code Behaviors & Features

Detect and mitigate CVE-2021-45789 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →