CVE-2024-29194

EUVD-2024-0783

24.03.2024, 19:15

OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the is_master_admin key, stored in the local storage of the browser, can be manipulated by an attacker. By changing this key from false to true, the application grants administrative privileges to the user, without proper server-side validation.  This has been patched in 7.0.1815.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.3 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
GitHub_M	CNA	8.3 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 20%

Affected Products (NVD)

Vendor	Product	Version
hackerbay	oneuptime	7.0.1803 ≤ 𝑥 < 7.0.1815

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-639 - Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References

https://github.com/OneUptime/oneuptime/commit/14016d23d834038dd65d3a96cf71af04b556a32c

https://github.com/OneUptime/oneuptime/security/advisories/GHSA-246p-xmg8-wmcq

https://github.com/OneUptime/oneuptime/commit/14016d23d834038dd65d3a96cf71af04b556a32c

https://github.com/OneUptime/oneuptime/security/advisories/GHSA-246p-xmg8-wmcq