CVE-2023-50267

MEDIUM Year: 2023
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-269
View all →

Vulnerability Description

MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, the authenticated attackers can update resources which don't belong to him if the resource ID is known. This issue if fixed in 2.10.10-lts. There are no known workarounds.

Related Vulnerabilities

CVE-2015-9390

MEDIUM
CVSS:4.3(Medium)

The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled.

CWE-2692015

CVE-2017-10857

MEDIUM
CVSS:4.3(Medium)

Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function.

CWE-2692017

CVE-2017-1326

MEDIUM
CVSS:4.3(Medium)

IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the ...

CWE-2692017

CVE-2017-15014

MEDIUM
CVSS:4.3(Medium)

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardle...

CWE-2692017

CVE-2017-2094

MEDIUM
CVSS:4.3(Medium)

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.

CWE-2692017

CVE-2017-6954

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permi...

CWE-2692017