CVE-2024-32467

Published: Apr 25, 2024Modified: Sep 4, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue.

Affected (1)

Products: Metersphere: Metersphere

Metersphere

1 product

Metersphere

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Metersphere Metersphere	Before 2.10.14

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://github.com/metersphere/metersphere/security/advisories/GHSA-7499-q88f-mxqp

Source: security-advisories@github.com

ExploitVendor Advisory

https://github.com/metersphere/metersphere/security/advisories/GHSA-7499-q88f-mxqp

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.