Path Traversal in uploadAttachment in metersphere/metersphere

Valid

Reported on

Jun 26th 2023


POC : see https://1drv.ms/v/s!Avwg5C1eKVA4gl3LF2hgRyVNrSqk?e=DHbHKF

We also contacted the maintainer by email (lujie.ac.cn).

Impact

It can allow an attacker to gain unauthorized access to sensitive files and directories on the web server. These can include configuration files, user credentials, and other sensitive data that can be used to launch further attacks or steal valuable information.

In some cases, Path Traversal can be used to execute arbitrary code on the web server by accessing executable files outside of the web directory. This can result in a complete compromise of the web server and even the host system, allowing the attacker to gain complete control over the system.
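The standard mitigation for this bug class, as an added illustrative example (Python, written for this page; it is not MeterSphere code and not the fix in the referenced commit): the user-supplied attachment name is first allow-listed to a single path component, and the joined path is then canonicalised and required to stay inside the upload root. `UPLOAD_ROOT`, the function names and the sample filenames are constructed for the demonstration.

```python
"""Illustrative path-traversal guard for a file-upload handler.

Added example, not MeterSphere code: UPLOAD_ROOT, the function names and
the sample filenames below are constructed for the demonstration.
"""
import os
import re
from typing import Optional

# Constructed for the example: the directory where attachments are stored.
UPLOAD_ROOT = "/srv/app/attachments"

# A safe attachment name is exactly one path component: no '/' or '\',
# no NUL bytes, and neither "." nor "..".
_SAFE_NAME = re.compile(r"^(?!\.\.?$)[^/\\\x00]{1,255}$")


def is_safe_attachment_name(filename: str) -> bool:
    """Allow-list check on the raw user-supplied name, applied before any join."""
    return bool(_SAFE_NAME.match(filename))


def resolve_attachment_path(upload_root: str, filename: str) -> Optional[str]:
    """Return the canonical path the attachment may be written to, or None.

    Defence in depth for callers that skip is_safe_attachment_name: the
    joined path is canonicalised (realpath collapses '..' segments and
    resolves symlinks in the components that exist) and must still lie
    inside the canonical upload root. os.path.commonpath is used instead
    of a str.startswith prefix test because '/srv/app/attachments-old'
    shares a prefix with '/srv/app/attachments' but is a different tree.
    """
    if "\x00" in filename:
        return None  # NUL bytes are never legitimate in a filename
    root = os.path.realpath(upload_root)
    # os.path.join drops `root` entirely when `filename` is absolute; the
    # commonpath test below rejects that case as well.
    candidate = os.path.realpath(os.path.join(root, filename))
    if os.path.commonpath([root, candidate]) != root or candidate == root:
        return None
    return candidate


def store_attachment(upload_root: str, filename: str, data: bytes) -> str:
    """Write `data` under `upload_root`, refusing any name that could escape it.

    Raises ValueError instead of writing, so the caller can log the rejected
    name (a useful detection signal) and answer the client with a 400.
    """
    if not is_safe_attachment_name(filename):
        raise ValueError(f"rejected attachment name: {filename!r}")
    target = resolve_attachment_path(upload_root, filename)
    if target is None:
        raise ValueError(f"attachment path escapes upload root: {filename!r}")
    os.makedirs(upload_root, exist_ok=True)
    # 'xb' refuses to overwrite an existing file, so a second upload cannot
    # silently replace an earlier attachment.
    with open(target, "xb") as fh:
        fh.write(data)
    return target


if __name__ == "__main__":
    # Constructed sample names: the first is legitimate; each of the others
    # must be stopped by at least one of the two layers.
    for name in ["report.pdf", "../../etc/passwd", "/etc/shadow",
                 "..", "sub/dir.txt", "x\x00.jpg"]:
        print(f"{name!r:>22} name-ok={is_safe_attachment_name(name)!s:<5} "
              f"resolved={resolve_attachment_path(UPLOAD_ROOT, name)}")
```

Both layers are deliberately kept: the allow-list rejects anything that is not a plain filename before the path is even built, and the canonical-path check catches what a future caller might pass through directly. Logging the rejected names gives the operations team a clear signal that traversal attempts are being made against the upload endpoint.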

We are processing your report and will contact the metersphere team within 24 hours. 3 months ago
lujiefsi modified the report
3 months ago
We have contacted a member of the metersphere team and are waiting to hear back 3 months ago
lujiefsi (Researcher), 2 months ago

hi @admin: this vulnerability has been fixed via https://github.com/metersphere/metersphere/commit/45f03692ad498dc8c6c3c7fbbf4e578a029deac6 . It has also been assigned CVE-2023-37461.

Could you please assign CVE-2023-37461 to this report, and mark this report as valid?

Ben Harvie validated this vulnerability a month ago
lujiefsi has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Ben Harvie marked this as fixed in 45f03692ad498dc8c6c3c7fbbf4e578a029deac6 with commit 45f036 a month ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
Ben Harvie published this vulnerability a month ago