← volver
CVE-2025-65966

OneUptime Unauthorized User Creation via API

CVSS 8.8 HIGHEPSS 0.3%CWE-285
OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been patched in version 9.1.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
OneUptime · oneuptime

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/OneUptime/oneuptime/security/advisories/GHSA-m449-vh5f-574g