Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OneUptime: Path Traversal — Arbitrary File Read (No Auth)
Vulnerability Description
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file path passed to res.sendFile() in orker/FeatureSet/Workflow/Index.ts with no sanitization or authentication middleware. This vulnerability is fixed in 10.0.21.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
OneUptime 路径遍历漏洞
Vulnerability Description
OneUptime是OneUptime开源的一个全面的解决方案。用于监控和管理您的在线服务。 OneUptime 10.0.21之前版本存在路径遍历漏洞,该漏洞源于/workflow/docs/:componentName端点路径遍历,可能导致任意文件读取。
CVSS Information
N/A
Vulnerability Type
N/A