Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Uptime Kuma is Missing Authorization Checks on Ping Badge Endpoint, Leaks Ping times of monitors without needing to be on a status page
Vulnerability Description
Uptime Kuma is an open source, self-hosted monitoring tool. From 2.0.0 to 2.1.3 , the GET /api/badge/:id/ping/:duration? endpoint in server/routers/api-router.js does not verify that the requested monitor belongs to a public group. All other badge endpoints check AND public = 1 in their SQL query before returning data. The ping endpoint skips this check entirely, allowing unauthenticated users to extract average ping/response time data for private monitors. This vulnerability is fixed in 2.2.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
Uptime Kuma 安全漏洞
Vulnerability Description
Uptime Kuma是Louis Lam个人开发者的一个易于使用的自托管监控工具。 Uptime Kuma 2.0.0至2.1.3版本存在安全漏洞,该漏洞源于未验证请求的监视器是否属于公共组,可能导致未经验证的用户提取私有监视器的平均ping或响应时间数据。
CVSS Information
N/A
Vulnerability Type
N/A