Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

metersphere — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting metersphere. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MeterSphere serves as an open-source continuous testing platform for APIs, UIs, and performance, primarily used in DevSecOps workflows. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control flaws. The platform's security posture has been impacted by multiple CVEs, with some instances allowing unauthorized access or system compromise due to insecure default configurations and insufficient authentication mechanisms. While no major public security incidents have been widely documented, the consistent discovery of vulnerabilities highlights ongoing challenges in secure development practices within the continuous testing ecosystem.

Top products by metersphere: metersphere
CVE IDTitleCVSSSeverityPublished
CVE-2025-62604 MeterSphere logic flaw allows retrieval of arbitrary user information — metersphereCWE-200 7.5AIHighAI2025-10-22
CVE-2025-53639 Metersphere has SQL Injection Vulnerability in Sorting Field — metersphereCWE-89 8.8AIHighAI2025-07-14
CVE-2024-37161 MeterSphere front-end editor stores XSS vulnerability — metersphereCWE-79 4.0 Medium2024-06-11
CVE-2024-36118 Unauthorized viewing of workspace test cases in MeterSphere — metersphereCWE-200 3.5 Low2024-05-30
CVE-2024-32467 Meteraphsere vulnerable to unauthorized viewing by workspace members — metersphereCWE-200 5.7 Medium2024-04-25
CVE-2023-50267 MeterSphere horizontal privilege escalation vulnerability of resources in project scope. — metersphereCWE-269 4.3 Medium2023-12-28
CVE-2023-41878 Weak password of selenium VNC in MeterSphere — metersphereCWE-798 4.6 Medium2023-09-26
CVE-2023-38494 The cloud version of the MeterSphere interface leaks some sensitive data without authentication — metersphereCWE-200 5.9 Medium2023-08-04
CVE-2023-37461 Path traversal in metersphere — metersphereCWE-22 5.6 Medium2023-07-17
CVE-2023-35937 Metersphere missing permission check — metersphereCWE-862 6.0 Medium2023-07-06
CVE-2023-32699 MeterSphere denial of service vulnerability — metersphereCWE-770 6.5 Medium2023-05-30
CVE-2023-30550 IDOR vulnerability exists in metersphere — metersphereCWE-639 6.8 Medium2023-05-04
CVE-2023-25814 Arbitrary File Read Vulnerability in metersphere — metersphereCWE-22 7.1 High2023-03-09
CVE-2023-25573 Improper access control to download file in metersphere — metersphereCWE-862 8.6 High2023-03-09
CVE-2022-46178 Path Traversal In MeterSpere allows file upload to any path — metersphereCWE-22 7.4 High2022-12-29
CVE-2022-23544 Server-Side Request Forgery in Metersphere leads to Cross-Site Scripting — metersphereCWE-918 7.2 High2022-12-27
CVE-2022-23512 Metersphere is vulnerable to Path Injection. — metersphereCWE-22 7.7 High2022-12-14

This page lists every published CVE security advisory associated with metersphere. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.