CVE-2023-44400 (GCVE-0-2023-44400)

Vulnerability from cvelistv5 – Published: 2023-10-09 15:15 – Updated: 2024-09-18 20:18

Summary

Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue.

Severity ?

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-384 - Session Fixation

Assigner

GitHub_M

References

URL

Tags

	https://github.com/louislam/uptime-kuma/security/…	x_refsource_CONFIRM
	https://github.com/louislam/uptime-kuma/issues/3481	x_refsource_MISC
	https://github.com/louislam/uptime-kuma/commit/88…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	louislam	uptime-kuma	Affected: < 1.23.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:07:33.443Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g"
          },
          {
            "name": "https://github.com/louislam/uptime-kuma/issues/3481",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/louislam/uptime-kuma/issues/3481"
          },
          {
            "name": "https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-44400",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T20:17:39.507104Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T20:18:45.881Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "uptime-kuma",
          "vendor": "louislam",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.23.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user\u0027s device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-384",
              "description": "CWE-384: Session Fixation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-09T15:19:29.540Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g"
        },
        {
          "name": "https://github.com/louislam/uptime-kuma/issues/3481",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/louislam/uptime-kuma/issues/3481"
        },
        {
          "name": "https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a"
        }
      ],
      "source": {
        "advisory": "GHSA-g9v2-wqcj-j99g",
        "discovery": "UNKNOWN"
      },
      "title": "Uptime Kuma has Persistentent User Sessions "
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-44400",
    "datePublished": "2023-10-09T15:15:07.450Z",
    "dateReserved": "2023-09-28T17:56:32.615Z",
    "dateUpdated": "2024-09-18T20:18:45.881Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:uptime.kuma:uptime_kuma:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.23.3\", \"matchCriteriaId\": \"F178E40D-CC31-4E9A-B03C-A648C13E94D2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user\u0027s device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue.\"}, {\"lang\": \"es\", \"value\": \"Uptime Kuma es una herramienta de monitoreo autohospedada. Antes de la versi\\u00f3n 1.23.3, los atacantes con acceso al dispositivo de un usuario pod\\u00edan obtener acceso persistente a la cuenta. Esto se debe a la falta de verificaci\\u00f3n de los tokens de sesi\\u00f3n despu\\u00e9s de cambios de contrase\\u00f1a y/o per\\u00edodos de inactividad transcurridos. La versi\\u00f3n 1.23.3 tiene un parche para el problema.\"}]",
      "id": "CVE-2023-44400",
      "lastModified": "2024-11-21T08:25:49.577",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2023-10-09T16:15:10.567",
      "references": "[{\"url\": \"https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/louislam/uptime-kuma/issues/3481\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Issue Tracking\", \"Mitigation\"]}, {\"url\": \"https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/louislam/uptime-kuma/issues/3481\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mitigation\"]}, {\"url\": \"https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-384\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-44400\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-10-09T16:15:10.567\",\"lastModified\":\"2024-11-21T08:25:49.577\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user\u0027s device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue.\"},{\"lang\":\"es\",\"value\":\"Uptime Kuma es una herramienta de monitoreo autohospedada. Antes de la versi\u00f3n 1.23.3, los atacantes con acceso al dispositivo de un usuario pod\u00edan obtener acceso persistente a la cuenta. Esto se debe a la falta de verificaci\u00f3n de los tokens de sesi\u00f3n despu\u00e9s de cambios de contrase\u00f1a y/o per\u00edodos de inactividad transcurridos. La versi\u00f3n 1.23.3 tiene un parche para el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-384\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:uptime.kuma:uptime_kuma:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.23.3\",\"matchCriteriaId\":\"F178E40D-CC31-4E9A-B03C-A648C13E94D2\"}]}]}],\"references\":[{\"url\":\"https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/louislam/uptime-kuma/issues/3481\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mitigation\"]},{\"url\":\"https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/louislam/uptime-kuma/issues/3481\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mitigation\"]},{\"url\":\"https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g\", \"name\": \"https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/louislam/uptime-kuma/issues/3481\", \"name\": \"https://github.com/louislam/uptime-kuma/issues/3481\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a\", \"name\": \"https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T20:07:33.443Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-44400\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-18T20:17:39.507104Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-18T20:18:32.642Z\"}}], \"cna\": {\"title\": \"Uptime Kuma has Persistentent User Sessions \", \"source\": {\"advisory\": \"GHSA-g9v2-wqcj-j99g\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"louislam\", \"product\": \"uptime-kuma\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.23.3\"}]}], \"references\": [{\"url\": \"https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g\", \"name\": \"https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/louislam/uptime-kuma/issues/3481\", \"name\": \"https://github.com/louislam/uptime-kuma/issues/3481\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a\", \"name\": \"https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user\u0027s device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-384\", \"description\": \"CWE-384: Session Fixation\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-10-09T15:19:29.540Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-44400\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-18T20:18:45.881Z\", \"dateReserved\": \"2023-09-28T17:56:32.615Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-10-09T15:15:07.450Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2023-44400

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-44400

Aliases

CVE-2023-44400

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-44400",
    "id": "GSD-2023-44400"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-44400"
      ],
      "details": "Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user\u0027s device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue.",
      "id": "GSD-2023-44400",
      "modified": "2023-12-13T01:20:38.920024Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-44400",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "uptime-kuma",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 1.23.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "louislam"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user\u0027s device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-384",
                "lang": "eng",
                "value": "CWE-384: Session Fixation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g",
            "refsource": "MISC",
            "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g"
          },
          {
            "name": "https://github.com/louislam/uptime-kuma/issues/3481",
            "refsource": "MISC",
            "url": "https://github.com/louislam/uptime-kuma/issues/3481"
          },
          {
            "name": "https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a",
            "refsource": "MISC",
            "url": "https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-g9v2-wqcj-j99g",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:uptime.kuma:uptime_kuma:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.23.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2023-44400"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user\u0027s device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-384"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/louislam/uptime-kuma/issues/3481",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Mitigation"
              ],
              "url": "https://github.com/louislam/uptime-kuma/issues/3481"
            },
            {
              "name": "https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a"
            },
            {
              "name": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-10-13T18:24Z",
      "publishedDate": "2023-10-09T16:15Z"
    }
  }
}

FKIE_CVE-2023-44400

Vulnerability from fkie_nvd - Published: 2023-10-09 16:15 - Updated: 2024-11-21 08:25

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a	Patch
security-advisories@github.com	https://github.com/louislam/uptime-kuma/issues/3481	Issue Tracking, Mitigation
security-advisories@github.com	https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/louislam/uptime-kuma/issues/3481	Issue Tracking, Mitigation
af854a3a-2127-422b-91ae-364da2661108	https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	uptime.kuma	uptime_kuma	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:uptime.kuma:uptime_kuma:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F178E40D-CC31-4E9A-B03C-A648C13E94D2",
              "versionEndExcluding": "1.23.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user\u0027s device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue."
    },
    {
      "lang": "es",
      "value": "Uptime Kuma es una herramienta de monitoreo autohospedada. Antes de la versi\u00f3n 1.23.3, los atacantes con acceso al dispositivo de un usuario pod\u00edan obtener acceso persistente a la cuenta. Esto se debe a la falta de verificaci\u00f3n de los tokens de sesi\u00f3n despu\u00e9s de cambios de contrase\u00f1a y/o per\u00edodos de inactividad transcurridos. La versi\u00f3n 1.23.3 tiene un parche para el problema."
    }
  ],
  "id": "CVE-2023-44400",
  "lastModified": "2024-11-21T08:25:49.577",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-09T16:15:10.567",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking",
        "Mitigation"
      ],
      "url": "https://github.com/louislam/uptime-kuma/issues/3481"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mitigation"
      ],
      "url": "https://github.com/louislam/uptime-kuma/issues/3481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-384"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-G9V2-WQCJ-J99G

Vulnerability from github – Published: 2023-10-10 21:29 – Updated: 2023-10-13 22:04

Summary

Uptime Kuma has Persistentent User Sessions

Details

Summary

Attackers with access to a users' device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity-periods.

Details

uptime-kuma sets JWT tokens for users after successful authentication.

These tokens have the following design flaws: - After successful login, a JWT token and it is stored in sessionStorage or localStorage. Which of the two is decided based on the Remember Me button. The users' token is valid without any time limitation, even after long periods of inactivity. This increases the risk of session hijacking if, for example, a user forgets to log off and leaves the PC. - sessions are only deleted on the client side after a user loggs out, meaning a local attacker could reuse said token with deep system access over the browser - If a user changes a password - any previously logged in clients are not logged out - previously issued tokens remained valid forever

These flaws allow user cookies to remain valid even after changing passwords or being inactive, posing a high security risk.

POC

Password resets not deactivating cookies

Log in.
Note the user cookie.
Change your password.
Attempt to log in again with the same cookie.
The cookie remains valid despite the password change.

Inactivity not deactivating sessions

In testing, even after a period of over a day of inactivity, the session was still valid

Impact

Another person with local access to the device could take over the session permanently, even after hours of previous inactivity or a password change. Such activity would not be obvious to the user (see https://github.com/louislam/uptime-kuma/issues/3481 if you want to help with this).

With this gained account access, an attacker can cause:

confidentially loss

monitors (including private ones not shared on public status pages)
notification providers
settings like api-keys (only used for accessing /metrics)
settings like secrets like the Steam API Key
maintenance periods

availability loss

by creating a lot of monitors and setting the retention policy very high leading to degraded database performance or out of storage
by creating a lot of HTTP(s) - Browser Engine (Chrome/Chromium) (Beta) leading to RAM exhaustion

integrity loss

by the attacker deleting a monitor
by the attacker deleting a monitor's history
by the atacker changing the meaning of a monitor (changing where it points)

scope creep

If operated in some restricted network, access to monitors may provide the ability to change the scope of the attack to a different piece of infrastructure, for example via SQL commands to a database server. We have not classified this as changed scope because credentials stored in the application for accessing other systems are existing valid paths across the trust boundary, and the user should be aware of that.

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "uptime-kuma"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.23.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-44400"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-384"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-10T21:29:23Z",
    "nvd_published_at": "2023-10-09T16:15:10Z",
    "severity": "HIGH"
  },
  "details": "# Summary\n\nAttackers with access to a users\u0027 device can gain persistent account access.\nThis is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity-periods.\n\n# Details\n\n`uptime-kuma` sets JWT tokens for users after successful authentication.\n\nThese tokens have the following design flaws:\n- After successful login, a JWT token and it is stored in `sessionStorage` or `localStorage`. \n  Which of the two is decided based on the `Remember Me` button. \n  The users\u0027 token is valid without any time limitation, even after long periods of inactivity. \n  This increases the risk of session hijacking if, for example, a user forgets to log off and leaves the PC.\n- sessions are only deleted on the client side after a user loggs out, meaning a local attacker could reuse said token with deep system access over the browser\n- If a user changes a password\n  - any previously logged in clients are not logged out\n  - previously issued tokens remained valid forever\n\nThese flaws allow user cookies to remain valid even after changing passwords or being inactive, posing a high security risk.\n\n# POC\n### Password resets not deactivating cookies\n- Log in.\n- Note the user cookie.\n- Change your password.\n- Attempt to log in again with the same cookie.\n- The cookie remains valid despite the password change.\n\n### Inactivity not deactivating sessions\n In testing, even after a period of over a day of inactivity, the session was still valid\n\n# Impact\n\nAnother person with local access to the device could take over the session permanently, even after hours of previous inactivity or a password change.\nSuch activity would not be obvious to the user (see https://github.com/louislam/uptime-kuma/issues/3481 if you want to help with this).\n\nWith this gained account access, an attacker can cause:\n\n## confidentially loss\n- monitors (including private ones not shared on public status pages)\n- notification providers \n- settings like `api-keys` (only used for accessing `/metrics`)\n- settings like secrets like the `Steam API Key`\n- maintenance periods\n\n## availability loss \n\n- by creating a lot of monitors and setting the retention policy very high leading to degraded database performance or out of storage\n- by creating a lot of `HTTP(s) - Browser Engine (Chrome/Chromium) (Beta)` leading to RAM exhaustion\n\n## integrity loss\n- by the attacker deleting a monitor\n- by the attacker deleting a monitor\u0027s history\n- by the atacker changing the meaning of a monitor (changing where it points)\n\n## scope creep\nIf operated in some restricted network, access to monitors may provide the ability to change the scope of the attack to a different piece of infrastructure, for example via SQL commands to a database server.\nWe have not classified this as `changed scope` because credentials stored in the application for accessing other systems are existing valid paths across the trust boundary, and the user should be aware of that.",
  "id": "GHSA-g9v2-wqcj-j99g",
  "modified": "2023-10-13T22:04:34Z",
  "published": "2023-10-10T21:29:23Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44400"
    },
    {
      "type": "WEB",
      "url": "https://github.com/louislam/uptime-kuma/issues/3481"
    },
    {
      "type": "WEB",
      "url": "https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/louislam/uptime-kuma"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Uptime Kuma has Persistentent User Sessions"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-44400 (GCVE-0-2023-44400)

GSD-2023-44400

FKIE_CVE-2023-44400

GHSA-G9V2-WQCJ-J99G

Summary

Details

POC

Password resets not deactivating cookies

Inactivity not deactivating sessions

Impact

confidentially loss

availability loss

integrity loss

scope creep

Tags

Sightings

Nomenclature