
GHSA-675q-66gf-gqg8: OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation

Summary

During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying this parameter value from false to true, a user is able to gain access to the admin dashboard interface. However, despite accessing the admin panel, the user does not have sufficient permissions to view or interact with actual data.

PoC

Intercept the login response and change "isMasterAdmin": false → "isMasterAdmin": true

Impact

The admin dashboard is viewable.
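As an added illustration, not code from OneUptime or from the advisory, the TypeScript sketch below shows the design point behind this report: a flag such as isMasterAdmin in the login response is only a rendering hint for the client, and every privileged request has to be re-authorized on the server from session state the client cannot edit. All users, sessions, data and function names here are constructed for the example; the adminDataTrustingClient function is a hypothetical anti-pattern included for contrast and is not something the advisory reports OneUptime doing. The scenario function walks the advisory end to end: the tampered response opens the dashboard UI, while the session-based server check still refuses the data and leaves an audit trail.

```typescript
// Added example (not OneUptime code): a login response may carry a UI hint such as
// isMasterAdmin, but privileged routes must re-derive authorization from server state.

type User = { id: string; isMasterAdmin: boolean };
type LoginResponse = { sessionId: string; isMasterAdmin: boolean };
type ApiResult = { status: number; body?: string[] };

// Constructed sample data standing in for the user table, session store and payload.
const USERS: Record<string, User> = {
  "u-alice": { id: "u-alice", isMasterAdmin: true },
  "u-bob": { id: "u-bob", isMasterAdmin: false },
};
const SESSIONS: Record<string, string> = {}; // sessionId -> userId, server side only
const AUDIT_LOG: string[] = [];              // denied privileged requests, for detection
const ADMIN_DATA = ["tenant-1", "tenant-2"]; // constructed privileged payload
let sessionCounter = 0;

// Server: authenticate and hand the client an opaque session plus a UI hint.
function login(userId: string): LoginResponse {
  const user = USERS[userId];
  if (!user) throw new Error("unknown user");
  const sessionId = `sess-${++sessionCounter}`;
  SESSIONS[sessionId] = user.id;
  return { sessionId, isMasterAdmin: user.isMasterAdmin };
}

// Client: decides only whether to *render* the admin dashboard. This is the gate
// the advisory bypasses by editing the response body in transit.
function clientShowsAdminDashboard(resp: LoginResponse): boolean {
  return resp.isMasterAdmin === true;
}

// Models the interception step from the PoC: the body arrives at the client with
// the flag flipped. Nothing on the server has changed.
function tamper(resp: LoginResponse): LoginResponse {
  return { ...resp, isMasterAdmin: true };
}

// Hypothetical anti-pattern (not what the advisory reports): the admin route
// believes the privilege flag the client echoes back.
function adminDataTrustingClient(claim: LoginResponse): ApiResult {
  if (!SESSIONS[claim.sessionId]) return { status: 401 };
  return claim.isMasterAdmin ? { status: 200, body: ADMIN_DATA } : { status: 403 };
}

// Correct pattern: ignore any client-supplied claim and re-derive the privilege
// from session -> user record on the server.
function adminDataFromSession(sessionId: string): ApiResult {
  const userId = SESSIONS[sessionId];
  if (!userId) return { status: 401 };
  const user = USERS[userId];
  if (!user.isMasterAdmin) {
    // A non-admin session calling an admin route is exactly the signal a
    // tampered UI produces; record it so it can be alerted on.
    AUDIT_LOG.push(`deny admin-data session=${sessionId} user=${userId}`);
    return { status: 403 };
  }
  return { status: 200, body: ADMIN_DATA };
}

function auditLog(): string[] {
  return AUDIT_LOG;
}

// The advisory scenario end to end for a non-admin user.
function scenario() {
  const genuine = login("u-bob");
  const tampered = tamper(genuine);
  return {
    uiOpensAfterTamper: clientShowsAdminDashboard(tampered),       // true: UI is fooled
    weakServer: adminDataTrustingClient(tampered).status,          // 200: anti-pattern
    strongServer: adminDataFromSession(tampered.sessionId).status, // 403: server state wins
  };
}
```

The split is deliberate: the client may use isMasterAdmin to decide what to draw, but the server never reads it back; it keys every admin route on the session record, and a 403 on an admin route from a non-admin session is worth logging because a legitimate client would not issue that request.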

References

  • GHSA-675q-66gf-gqg8
  • OneUptime/oneuptime@3e72b2a
