Vulnerability-Lookup

CVE-2023-49804 (GCVE-0-2023-49804)

Vulnerability from cvelistv5 – Published: 2023-12-11 22:32 – Updated: 2024-10-09 13:32

Title

Uptime Kuma Password Change Vulnerability

Summary

Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, when a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged out. This behavior persists consistently, even after system restarts or browser restarts. This vulnerability allows unauthorized access to user accounts, compromising the security of sensitive information. The same vulnerability was partially fixed in CVE-2023-44400, but logging existing users out of their accounts was forgotten. To mitigate the risks associated with this vulnerability, the maintainers made the server emit a `refresh` event (clients handle this by reloading) and then disconnecting all clients except the one initiating the password change. It is recommended to update Uptime Kuma to version 1.23.9.

Severity ?

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-384 - Session Fixation

Assigner

GitHub_M

References

URL

Tags

	https://github.com/louislam/uptime-kuma/security/…	x_refsource_CONFIRM
	https://github.com/louislam/uptime-kuma/security/…	x_refsource_MISC
	https://github.com/louislam/uptime-kuma/commit/48…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	louislam	uptime-kuma	Affected: < 1.23.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:01:26.028Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3"
          },
          {
            "name": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g"
          },
          {
            "name": "https://github.com/louislam/uptime-kuma/commit/482049c72b3a650c7bc5c26c2f4d57a21c0e0aa0",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/louislam/uptime-kuma/commit/482049c72b3a650c7bc5c26c2f4d57a21c0e0aa0"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-49804",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-05T19:28:12.832748Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-09T13:32:12.655Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "uptime-kuma",
          "vendor": "louislam",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.23.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, when a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged out. This behavior persists consistently, even after system restarts or browser restarts. This vulnerability allows unauthorized access to user accounts, compromising the security of sensitive information. The same vulnerability was partially fixed in  CVE-2023-44400, but logging existing users out of their accounts was forgotten. To mitigate the risks associated with this vulnerability, the maintainers made the server emit a `refresh` event (clients handle this by reloading) and then disconnecting all clients except the one initiating the password change. It is recommended to update Uptime Kuma to version 1.23.9."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-384",
              "description": "CWE-384: Session Fixation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-11T22:32:32.869Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3"
        },
        {
          "name": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g"
        },
        {
          "name": "https://github.com/louislam/uptime-kuma/commit/482049c72b3a650c7bc5c26c2f4d57a21c0e0aa0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/louislam/uptime-kuma/commit/482049c72b3a650c7bc5c26c2f4d57a21c0e0aa0"
        }
      ],
      "source": {
        "advisory": "GHSA-88j4-pcx8-q4q3",
        "discovery": "UNKNOWN"
      },
      "title": "Uptime Kuma Password Change Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-49804",
    "datePublished": "2023-12-11T22:32:32.869Z",
    "dateReserved": "2023-11-30T13:39:50.865Z",
    "dateUpdated": "2024-10-09T13:32:12.655Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3\", \"name\": \"https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g\", \"name\": \"https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/louislam/uptime-kuma/commit/482049c72b3a650c7bc5c26c2f4d57a21c0e0aa0\", \"name\": \"https://github.com/louislam/uptime-kuma/commit/482049c72b3a650c7bc5c26c2f4d57a21c0e0aa0\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T22:01:26.028Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-49804\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-05T19:28:12.832748Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-09T13:32:09.725Z\"}}], \"cna\": {\"title\": \"Uptime Kuma Password Change Vulnerability\", \"source\": {\"advisory\": \"GHSA-88j4-pcx8-q4q3\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"louislam\", \"product\": \"uptime-kuma\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.23.9\"}]}], \"references\": [{\"url\": \"https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3\", \"name\": \"https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g\", \"name\": \"https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/louislam/uptime-kuma/commit/482049c72b3a650c7bc5c26c2f4d57a21c0e0aa0\", \"name\": \"https://github.com/louislam/uptime-kuma/commit/482049c72b3a650c7bc5c26c2f4d57a21c0e0aa0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, when a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged out. This behavior persists consistently, even after system restarts or browser restarts. This vulnerability allows unauthorized access to user accounts, compromising the security of sensitive information. The same vulnerability was partially fixed in  CVE-2023-44400, but logging existing users out of their accounts was forgotten. To mitigate the risks associated with this vulnerability, the maintainers made the server emit a `refresh` event (clients handle this by reloading) and then disconnecting all clients except the one initiating the password change. It is recommended to update Uptime Kuma to version 1.23.9.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-384\", \"description\": \"CWE-384: Session Fixation\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-12-11T22:32:32.869Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-49804\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-09T13:32:12.655Z\", \"dateReserved\": \"2023-11-30T13:39:50.865Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-12-11T22:32:32.869Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2023-49804

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-49804

Aliases

CVE-2023-49804

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-49804",
    "id": "GSD-2023-49804"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-49804"
      ],
      "details": "Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, when a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged out. This behavior persists consistently, even after system restarts or browser restarts. This vulnerability allows unauthorized access to user accounts, compromising the security of sensitive information. The same vulnerability was partially fixed in  CVE-2023-44400, but logging existing users out of their accounts was forgotten. To mitigate the risks associated with this vulnerability, the maintainers made the server emit a `refresh` event (clients handle this by reloading) and then disconnecting all clients except the one initiating the password change. It is recommended to update Uptime Kuma to version 1.23.9.",
      "id": "GSD-2023-49804",
      "modified": "2023-12-13T01:20:35.116991Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-49804",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "uptime-kuma",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 1.23.9"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "louislam"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, when a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged out. This behavior persists consistently, even after system restarts or browser restarts. This vulnerability allows unauthorized access to user accounts, compromising the security of sensitive information. The same vulnerability was partially fixed in  CVE-2023-44400, but logging existing users out of their accounts was forgotten. To mitigate the risks associated with this vulnerability, the maintainers made the server emit a `refresh` event (clients handle this by reloading) and then disconnecting all clients except the one initiating the password change. It is recommended to update Uptime Kuma to version 1.23.9."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-384",
                "lang": "eng",
                "value": "CWE-384: Session Fixation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3",
            "refsource": "MISC",
            "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3"
          },
          {
            "name": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g",
            "refsource": "MISC",
            "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g"
          },
          {
            "name": "https://github.com/louislam/uptime-kuma/commit/482049c72b3a650c7bc5c26c2f4d57a21c0e0aa0",
            "refsource": "MISC",
            "url": "https://github.com/louislam/uptime-kuma/commit/482049c72b3a650c7bc5c26c2f4d57a21c0e0aa0"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-88j4-pcx8-q4q3",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:dockge.kuma:dockge:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9AD32927-6407-4711-8521-81C662CD7041",
                    "versionEndExcluding": "1.3.3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:uptime.kuma:uptime_kuma:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "04F74E4F-6339-4155-BE6A-B10151B8E18D",
                    "versionEndExcluding": "1.23.9",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, when a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged out. This behavior persists consistently, even after system restarts or browser restarts. This vulnerability allows unauthorized access to user accounts, compromising the security of sensitive information. The same vulnerability was partially fixed in  CVE-2023-44400, but logging existing users out of their accounts was forgotten. To mitigate the risks associated with this vulnerability, the maintainers made the server emit a `refresh` event (clients handle this by reloading) and then disconnecting all clients except the one initiating the password change. It is recommended to update Uptime Kuma to version 1.23.9."
          },
          {
            "lang": "es",
            "value": "Uptime Kuma es una herramienta de monitorizaci\u00f3n autohospedada y f\u00e1cil de usar. Antes de la versi\u00f3n 1.23.9, cuando un usuario cambia su contrase\u00f1a de inicio de sesi\u00f3n en Uptime Kuma, un usuario que hab\u00eda iniciado sesi\u00f3n anteriormente conserva el acceso sin cerrar la sesi\u00f3n. Este comportamiento persiste constantemente, incluso despu\u00e9s de reiniciar el sistema o el navegador. Esta vulnerabilidad permite el acceso no autorizado a cuentas de usuarios, comprometiendo la seguridad de informaci\u00f3n confidencial. La misma vulnerabilidad se solucion\u00f3 parcialmente en CVE-2023-44400, pero se olvid\u00f3 cerrar la sesi\u00f3n de los usuarios existentes en sus cuentas. Para mitigar los riesgos asociados con esta vulnerabilidad, los mantenedores hicieron que el servidor emitiera un evento de \"actualizaci\u00f3n\" (los clientes manejan esto recargando) y luego desconectaron a todos los clientes excepto el que inici\u00f3 el cambio de contrase\u00f1a. Se recomienda actualizar Uptime Kuma a la versi\u00f3n 1.23.9."
          }
        ],
        "id": "CVE-2023-49804",
        "lastModified": "2023-12-14T19:59:50.187",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 0.8,
              "impactScore": 5.9,
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-12-11T23:15:07.840",
        "references": [
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Patch"
            ],
            "url": "https://github.com/louislam/uptime-kuma/commit/482049c72b3a650c7bc5c26c2f4d57a21c0e0aa0"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Not Applicable"
            ],
            "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g"
          }
        ],
        "sourceIdentifier": "security-advisories@github.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-384"
              }
            ],
            "source": "security-advisories@github.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

FKIE_CVE-2023-49804

Vulnerability from fkie_nvd - Published: 2023-12-11 23:15 - Updated: 2024-11-21 08:33

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/louislam/uptime-kuma/commit/482049c72b3a650c7bc5c26c2f4d57a21c0e0aa0	Patch
security-advisories@github.com	https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3	Vendor Advisory
security-advisories@github.com	https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	https://github.com/louislam/uptime-kuma/commit/482049c72b3a650c7bc5c26c2f4d57a21c0e0aa0	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g	Not Applicable

Impacted products

	Vendor	Product	Version
	dockge.kuma	dockge	*
	uptime.kuma	uptime_kuma	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dockge.kuma:dockge:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD32927-6407-4711-8521-81C662CD7041",
              "versionEndExcluding": "1.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:uptime.kuma:uptime_kuma:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "04F74E4F-6339-4155-BE6A-B10151B8E18D",
              "versionEndExcluding": "1.23.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, when a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged out. This behavior persists consistently, even after system restarts or browser restarts. This vulnerability allows unauthorized access to user accounts, compromising the security of sensitive information. The same vulnerability was partially fixed in  CVE-2023-44400, but logging existing users out of their accounts was forgotten. To mitigate the risks associated with this vulnerability, the maintainers made the server emit a `refresh` event (clients handle this by reloading) and then disconnecting all clients except the one initiating the password change. It is recommended to update Uptime Kuma to version 1.23.9."
    },
    {
      "lang": "es",
      "value": "Uptime Kuma es una herramienta de monitorizaci\u00f3n autohospedada y f\u00e1cil de usar. Antes de la versi\u00f3n 1.23.9, cuando un usuario cambia su contrase\u00f1a de inicio de sesi\u00f3n en Uptime Kuma, un usuario que hab\u00eda iniciado sesi\u00f3n anteriormente conserva el acceso sin cerrar la sesi\u00f3n. Este comportamiento persiste constantemente, incluso despu\u00e9s de reiniciar el sistema o el navegador. Esta vulnerabilidad permite el acceso no autorizado a cuentas de usuarios, comprometiendo la seguridad de informaci\u00f3n confidencial. La misma vulnerabilidad se solucion\u00f3 parcialmente en CVE-2023-44400, pero se olvid\u00f3 cerrar la sesi\u00f3n de los usuarios existentes en sus cuentas. Para mitigar los riesgos asociados con esta vulnerabilidad, los mantenedores hicieron que el servidor emitiera un evento de \"actualizaci\u00f3n\" (los clientes manejan esto recargando) y luego desconectaron a todos los clientes excepto el que inici\u00f3 el cambio de contrase\u00f1a. Se recomienda actualizar Uptime Kuma a la versi\u00f3n 1.23.9."
    }
  ],
  "id": "CVE-2023-49804",
  "lastModified": "2024-11-21T08:33:52.700",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-11T23:15:07.840",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/louislam/uptime-kuma/commit/482049c72b3a650c7bc5c26c2f4d57a21c0e0aa0"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/louislam/uptime-kuma/commit/482049c72b3a650c7bc5c26c2f4d57a21c0e0aa0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-384"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-88J4-PCX8-Q4Q3

Vulnerability from github – Published: 2023-12-12 00:59 – Updated: 2023-12-12 00:59

Summary

Password Change Vulnerability

Details

Overview:

A moderate security vulnerability has been identified in Uptime Kuma platform that poses a significant threat to the confidentiality and integrity of user accounts.
When a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged out. This behaviour persists consistently, even after system restarts or browser restarts. This vulnerability allows unauthorized access to user accounts, compromising the security of sensitive information.

The same vulnerability was partially fixed in https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g but logging existing users out of their accounts was forgotten.

Impact:

The impact of this vulnerability is moderate, as it enables attackers or unauthorized individuals to maintain access to user accounts even after the account password has been changed. This can lead to unauthorized data access, manipulation, or compromise of user accounts, posing a threat to the integrity and confidentiality of Uptime Kuma. A better impact-analysis is included in https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g

PoC

Change the password for a user account
Access the platform using the previously logged-in account without logging out
Note that access (read-write) remains despite the password change
Expected behaviour:
After changing the password for a user account, all previously logged-in sessions should be invalidated, requiring users to log in again with the updated credentials.
Actual behaviour:
The system retains sessions and never logs out users unless explicitly done by clicking logout.

Remediation:

To mitigate the risks associated with this vulnerability, we made the server emit a refresh event (clients handle this by reloading) and then disconnecting all clients except the one initiating the password change.

It is recommended to Update Uptime Kuma to >= 1.23.9.

Timeline:

Date	Event
2023-12-07 14:35 UTC	@manoonabbasi discovered and posts this information as a `bug`-report in issue #4188 [^1] into our public issue tracker, which is against our security policy
2023-12-07 16:50 UTC	The Uptime Kuma team deleted the post in our issue tracker
2023-12-10 18:10 UTC	Uptime Kuma team released patch and this Advisory

[^1]: deleted to prevent the spread of this vulnerability without there being a fix available

Severity ?

6.7 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "uptime-kuma"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.23.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-49804"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-384"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-12T00:59:30Z",
    "nvd_published_at": "2023-12-11T23:15:07Z",
    "severity": "MODERATE"
  },
  "details": "## Overview:\n\nA moderate security vulnerability has been identified in Uptime Kuma platform that poses a significant threat to the confidentiality and integrity of user accounts.  \nWhen a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged out.\nThis behaviour persists consistently, even after system restarts or browser restarts.\nThis vulnerability allows unauthorized access to user accounts, compromising the security of sensitive information.\n\nThe same vulnerability was partially fixed in https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g but logging existing users out of their accounts was forgotten.\n\n## Impact:\n\nThe impact of this vulnerability is moderate, as it enables attackers or unauthorized individuals to maintain access to user accounts even after the account password has been changed. This can lead to unauthorized data access, manipulation, or compromise of user accounts, posing a threat to the integrity and confidentiality of Uptime Kuma.\nA better impact-analysis is included in https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g\n\n## PoC\n\n- Change the password for a user account\n- Access the platform using the previously logged-in account without logging out\n- Note that access (read-write) remains despite the password change \n- Expected behaviour:  \n   After changing the password for a user account, all previously logged-in sessions should be invalidated, requiring users to log in again with the updated credentials.\n- Actual behaviour:  \n  The system retains sessions and never logs out users unless explicitly done by clicking logout.\n\n## Remediation:\n\nTo mitigate the risks associated with this vulnerability, we made the server emit a `refresh` event (clients handle this by reloading) and then disconnecting all clients except the one initiating the password change.\n\nIt is recommended to Update Uptime Kuma to `\u003e= 1.23.9`. \n\n## Timeline:\n\n|Date|Event|\n|--|--|\n|2023-12-07 14:35 UTC| @manoonabbasi discovered and posts this information as a `bug`-report in issue #4188 [^1] into our **public issue tracker**, which is [**against our security policy**](https://github.com/louislam/uptime-kuma/security/policy) |\n| 2023-12-07 16:50 UTC | The Uptime Kuma team deleted the post in our issue tracker |\n| 2023-12-10 18:10 UTC | Uptime Kuma team released patch and this Advisory |\n\n[^1]: deleted to prevent the spread of this vulnerability without there being a fix available",
  "id": "GHSA-88j4-pcx8-q4q3",
  "modified": "2023-12-12T00:59:30Z",
  "published": "2023-12-12T00:59:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49804"
    },
    {
      "type": "WEB",
      "url": "https://github.com/louislam/uptime-kuma/commit/482049c72b3a650c7bc5c26c2f4d57a21c0e0aa0"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/louislam/uptime-kuma"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Password Change Vulnerability"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-49804 (GCVE-0-2023-49804)

GSD-2023-49804

FKIE_CVE-2023-49804

GHSA-88J4-PCX8-Q4Q3

Overview:

Impact:

PoC

Remediation:

Timeline:

Tags

Sightings

Nomenclature