Vulnerability Information
Vulnerability Title
OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation
Vulnerability Description
OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the is_master_admin key, stored in the local storage of the browser, can be manipulated by an attacker. By changing this key from false to true, the application grants administrative privileges to the user, without proper server-side validation. This has been patched in 7.0.1815.
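The flaw class described above, shown as an added example that is not OneUptime's code: an authorization check that trusts a client-controlled flag beside one that reads the role from server-side state. The `USERS` and `SESSIONS` stores, the request shape and all function names are hypothetical, and the sample data is constructed.

```javascript
// Server-side state (constructed sample data). The role lives here, not in the browser.
const USERS = new Map([
  ['u-1', { email: 'admin@example.test', isMasterAdmin: true }],
  ['u-2', { email: 'user@example.test', isMasterAdmin: false }],
]);
const SESSIONS = new Map([
  ['sess-admin', 'u-1'],
  ['sess-user', 'u-2'],
]);

// Vulnerable pattern: the decision rests on a value the client controls
// (hypothetical request field mirroring the is_master_admin key).
function isMasterAdminVulnerable(req) {
  return req.body.is_master_admin === true;
}

// Hardened pattern: resolve the session to a server-side user record and
// read the role from that record. Client-supplied role fields are ignored.
function isMasterAdminHardened(req) {
  const userId = SESSIONS.get(req.sessionToken);
  if (!userId) return false; // unknown or missing session
  const user = USERS.get(userId);
  return Boolean(user && user.isMasterAdmin === true);
}

// Guard for an admin-only handler; returns an HTTP-style result.
function handleAdminRequest(req, check) {
  if (!check(req)) return { status: 403, body: 'Forbidden' };
  return { status: 200, body: 'admin settings' };
}

// Constructed request: low-privileged session carrying a client-side flag set to true.
const tampered = { sessionToken: 'sess-user', body: { is_master_admin: true } };
console.log(handleAdminRequest(tampered, isMasterAdminVulnerable).status); // 200
console.log(handleAdminRequest(tampered, isMasterAdminHardened).status);   // 403
```
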
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
Authorization Bypass Through User-Controlled Key
Vulnerability Title
OneUptime Security Vulnerability
Vulnerability Description
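OneUptime is a comprehensive open-source solution from OneUptime for monitoring and managing your online services. Versions of OneUptime prior to 7.0.1815 contain a security vulnerability that stems from improper validation of data stored on the client side of the web application; privileges can be escalated by manipulating a local storage key.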
CVSS Information
N/A
Vulnerability Type
N/A