CVE-2022-23512 Information
Description
MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService which uses the user-provided value (testId) in new File(BODY_FILE_DIR + /\ + testId) being deleted later by file.delete(). By adding some camouflage parameters to the url an attacker can target files on the server. The vulnerability has been fixed in v2.4.1.
Reference
https://github.com/metersphere/metersphere/security/advisories/GHSA-5mwp-xw7p-5j27
MeterSphere
is
a
one-stop
open
source
continuous
testing
platform.
Versions
prior
to
2.4.1
are
vulnerable
to
Path
Injection
in
ApiTestCaseService::deleteBodyFiles
which
takes
a
user-controlled
string
id
and
passes
it
to
ApiTestCaseService
which
uses
the
user-provided
value
(testId)
in
new
File(BODY_FILE_DIR
+
/
+
testId)
being
deleted
later
by
file.delete().
By
adding
some
camouflage
parameters
to
the
url
an
attacker
can
target
files
on
the
server.
The
vulnerability
has
been
fixed
in
v2.4.1.