{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T17:05:39.498","vulnerabilities":[{"cve":{"id":"CVE-2023-38494","sourceIdentifier":"security-advisories@github.com","published":"2023-08-04T16:15:10.177","lastModified":"2024-11-21T08:13:41.380","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue."},{"lang":"es","value":"MeterSphere es una plataforma de pruebas continuas de código abierto. Antes de la versión 2.10.4 LTS, algunas interfaces de la versión Cloud de MeterSphere no tienen permisos de configuración, y son filtradas sensiblemente por los atacantes. La versión 2.10.4 LTS contiene un parche para este problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:metersphere:metersphere:*:*:*:*:lts:*:*:*","versionEndExcluding":"2.10.4","matchCriteriaId":"34BBA850-D024-4FED-9794-74C62218EF49"}]}]}],"references":[{"url":"https://github.com/metersphere/metersphere/commit/a23f75d93b666901fd148d834df9384f6f24cf28","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/metersphere/metersphere/security/advisories/GHSA-fjp5-95pv-5253","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/metersphere/metersphere/commit/a23f75d93b666901fd148d834df9384f6f24cf28","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/metersphere/metersphere/security/advisories/GHSA-fjp5-95pv-5253","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}