Vulnerabilities > CVE-2021-45789 - Unspecified vulnerability in Metersphere 1.15.4

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

metersphere

NVD

Published: 2022-09-29

Updated: 2022-09-30

Summary

An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function.

Vulnerable Configurations

Part	Description	Count
Application	Metersphere Metersphere Metersphere 1.15.4	1

References

https://github.com/metersphere/metersphere/issues/8652