GHSA-23Q2-5GF8-GJPP
Vulnerability from github – Published: 2024-04-19 17:26 – Updated: 2024-04-19 17:26
VLAI
Summary
Enabling Authentication does not close all logged in socket connections immediately
Details
Summary
This is basically GHSA-88j4-pcx8-q4q but instead of changing passwords, when enabling authentication.
PoC
- Open Uptime Kuma with authentication disabled
- Enable authentication using another window
- Access the platform using the previously logged-in window
- Note that access (read-write) remains despite the enabled authentication
- Expected behaviour:
- After enabling authentication, all previously connected sessions should be invalidated, requiring users to log in.
- Actual behaviour:
- The system retains sessions and never logs out users unless explicitly done by clicking logout or refreshing the page.
Impact
See GHSA-g9v2-wqcj-j99g and GHSA-88j4-pcx8-q4q
TBH this is quite a niche edge case, so I don't know if this even warrants a security report.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.23.11"
},
"package": {
"ecosystem": "npm",
"name": "uptime-kuma"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.23.12"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-384"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-19T17:26:32Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "### Summary\nThis is basically [GHSA-88j4-pcx8-q4q](https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3) but instead of changing passwords, when enabling authentication.\n\n### PoC\n- Open Uptime Kuma with authentication disabled\n- Enable authentication using another window\n- Access the platform using the previously logged-in window\n- Note that access (read-write) remains despite the enabled authentication\n- Expected behaviour:\n - After enabling authentication, all previously connected sessions should be invalidated, requiring users to log in.\n- Actual behaviour:\n - The system retains sessions and never logs out users unless explicitly done by clicking logout or refreshing the page.\n\n### Impact\nSee [GHSA-g9v2-wqcj-j99g](https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g) and [GHSA-88j4-pcx8-q4q](https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3)\n\nTBH this is quite a niche edge case, so I don\u0027t know if this even warrants a security report. \n",
"id": "GHSA-23q2-5gf8-gjpp",
"modified": "2024-04-19T17:26:32Z",
"published": "2024-04-19T17:26:32Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-23q2-5gf8-gjpp"
},
{
"type": "WEB",
"url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3"
},
{
"type": "WEB",
"url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g"
},
{
"type": "WEB",
"url": "https://github.com/louislam/uptime-kuma/commit/7a9e2f5de69aa0bb884ead25d1dcc833bb8c6579"
},
{
"type": "PACKAGE",
"url": "https://github.com/louislam/uptime-kuma"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Enabling Authentication does not close all logged in socket connections immediately "
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…