CVE-2023-50267: Authorization Bypass Through User-Controlled Key

December 28, 2023 (updated January 4, 2024)

MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, the authenticated attackers can update resources which don’t belong to him if the resource ID is known. This issue if fixed in 2.10.10-lts. There are no known workarounds.

References

github.com/metersphere/metersphere/security/advisories/GHSA-rcp4-c5p2-58v9
nvd.nist.gov/vuln/detail/CVE-2023-50267

Code Behaviors & Features

Detect and mitigate CVE-2023-50267 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →