Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OneUptime: WhatsApp Webhook Missing Signature Verification
Vulnerability Description
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler (/notification/whatsapp/webhook) processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any unauthenticated attacker to send forged webhook payloads that manipulate notification delivery status records, suppress alerts, and corrupt audit trails. The codebase already implements proper signature verification for Slack webhooks. This issue has been patched in version 10.0.34.
CVSS Information
N/A
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
OneUptime 数据伪造问题漏洞
Vulnerability Description
OneUptime是OneUptime开源的一个全面的解决方案。用于监控和管理您的在线服务。 OneUptime 10.0.34之前版本存在数据伪造问题漏洞,该漏洞源于WhatsApp POST webhook处理程序未验证X-Hub-Signature-256 HMAC签名,可能导致未经验证的攻击者发送伪造的webhook有效载荷,从而操纵通知传递状态记录、抑制警报并破坏审计跟踪。
CVSS Information
N/A
Vulnerability Type
N/A