Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OneUptime: Missing Authentication on Notification Endpoints
Vulnerability Description
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/WhatsApp abuse and phone number purchase. This issue has been patched in version 10.0.42.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
OneUptime 访问控制错误漏洞
Vulnerability Description
OneUptime是OneUptime开源的一个全面的解决方案。用于监控和管理您的在线服务。 OneUptime 10.0.42之前版本存在访问控制错误漏洞,该漏洞源于未经身份验证即可访问通知测试和电话号码管理端点,可能导致滥用短信、通话、电子邮件、WhatsApp和购买电话号码。
CVSS Information
N/A
Vulnerability Type
N/A