
CVE-2022-46178 io.metersphere:metersphere

Package

Manager: maven
Name: io.metersphere:metersphere
Vulnerable Version: >=0 <2.5.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

EPSS: 0.00081 (percentile 0.24545)

Details

Path Traversal in MeterSphere leads to file upload to any path

### Summary

MeterSphere allows users to upload files but does not validate the file name, so a falsified file name in the upload request can cause the file to be written to any path.

### Details

MeterSphere's [`FileUtils.java`](https://github.com/metersphere/metersphere/blob/v2.5.0/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/utils/FileUtils.java#L57) does not validate the `filePath` it is given:

```java
public static void createFile(String filePath, byte[] fileBytes) {
    // filePath is used as-is: nothing checks that it is a bare file name
    // or that it stays inside an intended upload directory
    File file = new File(filePath);
    if (file.exists()) {
        file.delete();
    }
    try {
        File dir = file.getParentFile();
        if (!dir.exists()) {
            dir.mkdirs();
        }
        file.createNewFile();
    } catch (Exception e) {
        LogUtil.error(e);
    }
    try (InputStream in = new ByteArrayInputStream(fileBytes);
         OutputStream out = new FileOutputStream(file)) {
        final int MAX = 4096;
        byte[] buf = new byte[MAX];
        for (int bytesRead = in.read(buf, 0, MAX); bytesRead != -1; bytesRead = in.read(buf, 0, MAX)) {
            out.write(buf, 0, bytesRead);
        }
    } catch (IOException e) {
        LogUtil.error(e);
        MSException.throwException(Translator.get("upload_fail"));
    }
}
```

### Patches

The vulnerability has been fixed in [v2.5.1](https://github.com/metersphere/metersphere/releases/tag/v2.5.1). Commit https://github.com/metersphere/metersphere/commit/3a890eeeb8a6b0887927c876a73bdb3a99a82138 adds validation for the file name.

### Workarounds

It is recommended to upgrade to [v2.5.1](https://github.com/metersphere/metersphere/releases/tag/v2.5.1).

### For more information

If you have any questions or comments about this advisory, please [open an issue](https://github.com/metersphere/metersphere/issues).
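The advisory describes the fix only as "add validation for file name". The following is an added illustration of what such validation looks like in practice; it is not MeterSphere's own code or its actual patch. It performs the same operation as `createFile` above (write uploaded bytes to disk) but takes only a bare file name, rejects names that carry directory components or separators, and independently verifies after normalisation that the resolved target still lies inside a fixed upload root. The class name `SafeUploadWriter`, the method names and the sample names in `main` are assumptions made for this example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;

/**
 * Added example, not MeterSphere code: an upload writer that cannot be steered
 * outside its root by a falsified file name in the request.
 */
public final class SafeUploadWriter {

    private final Path uploadRoot;

    public SafeUploadWriter(Path uploadRoot) throws IOException {
        // Resolve symlinks once so every containment check below compares real paths.
        this.uploadRoot = uploadRoot.toRealPath();
    }

    /** First line of defence: reject anything that is not a plain, single-component name. */
    static boolean isSafeFileName(String name) {
        if (name == null || name.isEmpty() || name.length() > 255) return false;
        if (name.equals(".") || name.equals("..")) return false;
        for (char c : name.toCharArray()) {
            // No separators of either platform, no NUL, no other control characters.
            if (c == '/' || c == '\\' || c < 0x20) return false;
        }
        return true;
    }

    /**
     * Second line of defence: resolve under the root, normalise, and confirm the
     * result is still beneath the root. Even if the name filter were loosened later,
     * a "../" style escape would be stopped here.
     */
    Path resolveInsideRoot(String name) {
        if (!isSafeFileName(name)) {
            throw new IllegalArgumentException("rejected file name: " + name);
        }
        Path target = uploadRoot.resolve(name).normalize();
        if (!target.startsWith(uploadRoot) || target.equals(uploadRoot)) {
            throw new IllegalArgumentException("path escapes upload root: " + name);
        }
        return target;
    }

    public Path createFile(String name, byte[] fileBytes) throws IOException {
        Path target = resolveInsideRoot(name);
        // CREATE_NEW fails on an existing file instead of deleting and recreating it
        // as the original did, and does not follow a symlink already present at target.
        return Files.write(target, fileBytes, StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE);
    }

    // Constructed demo input: one benign name and three shapes a falsified request could carry.
    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("uploads");
        SafeUploadWriter writer = new SafeUploadWriter(root);
        System.out.println("wrote " + writer.createFile("report.csv", "a,b\n".getBytes()));
        for (String bad : new String[] {"../../escape.txt", "..\\escape.txt", "sub/dir.txt", ".."}) {
            try {
                writer.createFile(bad, new byte[0]);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The caller passes a file name, never a path, and the storage location is chosen by the server. The two checks are deliberately redundant: the name filter gives a clear error for obviously malformed input, while the `normalize()` plus `startsWith(uploadRoot)` check is the property that actually matters and does not depend on the filter being complete. Switching to `CREATE_NEW` is a behavioural change from the original (which silently replaced an existing file); if overwriting is a requirement, keep the containment check and replace only that option.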

Metadata

Created: 2022-12-30T18:03:47Z
Modified: 2022-12-30T18:03:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-9p62-x3c5-hr5p/GHSA-9p62-x3c5-hr5p.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-9p62-x3c5-hr5p
Finding: F063
Auto approve: 1