Uptime-Kuma before v1.23.0 is vulnerable to an information disclosure issue due to missing authorization on the /api/badge/1/ping/24 endpoint. An unauthenticated attacker can access this endpoint to leak ping statistics, such as average ping and ping history, for existing monitors without needing access to the protected status page. This can lead to unintended exposure of internal monitoring data.
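A defender can check reverse-proxy access logs for requests to this endpoint. The following is an added example, not code from this page or from the Uptime-Kuma project. It assumes combined-format access logs, generalises the path above to any numeric monitor ID with an optional duration segment, and uses an arbitrary threshold of three distinct monitor IDs per client; the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumption: generalises the page's /api/badge/1/ping/24 to any numeric
# monitor id and an optional duration segment.
BADGE_PING = re.compile(r"^/api/badge/(\d+)/ping(?:/[^/?]+)?/?(?:\?.*)?$")
# Client address, method and request target from a combined-format log line.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /api/badge/1/ping/24 HTTP/1.1" 200 1024 "-" "curl/8.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /api/badge/2/ping/24 HTTP/1.1" 200 1024 "-" "curl/8.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /api/badge/3/ping/24 HTTP/1.1" 200 1024 "-" "curl/8.0"',
    '198.51.100.20 - - [01/Jan/2024:10:05:00 +0000] "GET /api/badge/1/ping/24?label=ping HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [01/Jan/2024:10:05:01 +0000] "GET /status/public HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [01/Jan/2024:10:05:02 +0000] "GET /api/badge/1/status HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def badge_ping_hits(lines):
    """Yield (client, monitor_id) for each GET to the badge ping endpoint."""
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        client, method, target = m.groups()
        hit = BADGE_PING.match(target)
        if method == "GET" and hit:
            yield client, int(hit.group(1))

def summarize(lines, enum_threshold=3):
    """Per client: monitor ids requested, request count, enumeration flag."""
    monitors = defaultdict(set)
    requests = defaultdict(int)
    for client, monitor_id in badge_ping_hits(lines):
        monitors[client].add(monitor_id)
        requests[client] += 1
    return {
        client: {
            "monitors": sorted(ids),
            "requests": requests[client],
            # Many distinct ids from one client suggests walking monitor ids.
            "enumerating": len(ids) >= enum_threshold,
        }
        for client, ids in monitors.items()
    }

if __name__ == "__main__":
    for client, info in summarize(SAMPLE_LOG).items():
        print(client, info)
```

On instances older than v1.23.0, flagged clients and the monitor IDs they requested show which ping statistics may have been read without authorization.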