CVE-2022-23512 (GCVE-0-2022-23512)
Vulnerability from cvelistv5 – Published: 2022-12-14 13:09 – Updated: 2025-04-21 19:20
VLAI
Title
Metersphere is vulnerable to Path Injection.
Summary
MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value (testId) in new File(BODY_FILE_DIR + "/" + testId), being deleted later by file.delete(). By adding some camouflage parameters to the url, an attacker can target files on the server. The vulnerability has been fixed in v2.4.1.
Severity
7.7 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/metersphere/metersphere/securi… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| metersphere | metersphere |
Affected:
< 2.4.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23512",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T19:20:22.193717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T19:20:37.099Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "metersphere",
"vendor": "metersphere",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value (testId) in new File(BODY_FILE_DIR + \"/\" + testId), being deleted later by file.delete(). By adding some camouflage parameters to the url, an attacker can target files on the server. The vulnerability has been fixed in v2.4.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-14T13:09:36.800Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27"
}
],
"source": {
"advisory": "GHSA-5mwp-xw7p-5j27",
"discovery": "UNKNOWN"
},
"title": "Metersphere is vulnerable to Path Injection."
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23512",
"datePublished": "2022-12-14T13:09:36.800Z",
"dateReserved": "2022-01-19T21:23:53.776Z",
"dateUpdated": "2025-04-21T19:20:37.099Z",
"requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-23512",
"date": "2026-05-27",
"epss": "0.00368",
"percentile": "0.58894"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:metersphere:metersphere:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.4.1\", \"matchCriteriaId\": \"C19D8003-ED8C-4687-A535-8CEB7F72DE96\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value (testId) in new File(BODY_FILE_DIR + \\\"/\\\" + testId), being deleted later by file.delete(). By adding some camouflage parameters to the url, an attacker can target files on the server. The vulnerability has been fixed in v2.4.1.\"}, {\"lang\": \"es\", \"value\": \"MeterSphere es una plataforma integral de pruebas continuas de c\\u00f3digo abierto. Las versiones anteriores a la 2.4.1 son vulnerables a la inyecci\\u00f3n de ruta en ApiTestCaseService::deleteBodyFiles, que toma una identificaci\\u00f3n de cadena controlada por el usuario y la pasa a ApiTestCaseService, que usa el valor proporcionado por el usuario (testId) en un nuevo archivo (BODY_FILE_DIR + \\\"/\\\" + testId), siendo eliminado posteriormente por file.delete(). Al agregar algunos par\\u00e1metros de camuflaje a la URL, un atacante puede apuntar a archivos en el servidor. La vulnerabilidad se ha solucionado en v2.4.1.\"}]",
"id": "CVE-2022-23512",
"lastModified": "2024-11-21T06:48:43.150",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N\", \"baseScore\": 7.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.1, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.2}]}",
"published": "2022-12-14T14:15:10.370",
"references": "[{\"url\": \"https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-23512\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-12-14T14:15:10.370\",\"lastModified\":\"2024-11-21T06:48:43.150\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value (testId) in new File(BODY_FILE_DIR + \\\"/\\\" + testId), being deleted later by file.delete(). By adding some camouflage parameters to the url, an attacker can target files on the server. The vulnerability has been fixed in v2.4.1.\"},{\"lang\":\"es\",\"value\":\"MeterSphere es una plataforma integral de pruebas continuas de c\u00f3digo abierto. Las versiones anteriores a la 2.4.1 son vulnerables a la inyecci\u00f3n de ruta en ApiTestCaseService::deleteBodyFiles, que toma una identificaci\u00f3n de cadena controlada por el usuario y la pasa a ApiTestCaseService, que usa el valor proporcionado por el usuario (testId) en un nuevo archivo (BODY_FILE_DIR + \\\"/\\\" + testId), siendo eliminado posteriormente por file.delete(). Al agregar algunos par\u00e1metros de camuflaje a la URL, un atacante puede apuntar a archivos en el servidor. La vulnerabilidad se ha solucionado en v2.4.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:metersphere:metersphere:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.1\",\"matchCriteriaId\":\"C19D8003-ED8C-4687-A535-8CEB7F72DE96\"}]}]}],\"references\":[{\"url\":\"https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"Metersphere is vulnerable to Path Injection.\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-22\", \"lang\": \"en\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"NONE\", \"baseScore\": 7.7, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"scope\": \"CHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27\"}], \"affected\": [{\"vendor\": \"metersphere\", \"product\": \"metersphere\", \"versions\": [{\"version\": \"\u003c 2.4.1\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2022-12-14T13:09:36.800Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value (testId) in new File(BODY_FILE_DIR + \\\"/\\\" + testId), being deleted later by file.delete(). By adding some camouflage parameters to the url, an attacker can target files on the server. The vulnerability has been fixed in v2.4.1.\"}], \"source\": {\"advisory\": \"GHSA-5mwp-xw7p-5j27\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T03:43:46.468Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-23512\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-21T19:20:22.193717Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-21T19:20:32.467Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2022-23512\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"requesterUserId\": \"c184a3d9-dc98-4c48-a45b-d2d88cf0ac74\", \"dateReserved\": \"2022-01-19T21:23:53.776Z\", \"datePublished\": \"2022-12-14T13:09:36.800Z\", \"dateUpdated\": \"2025-04-21T19:20:37.099Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…