CVE-2024-29194: OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation

March 25, 2024

A security vulnerability exists in oneuptime’s local storage handling, where a regular user can escalate privileges by modifying the is_master_admin key to true. This allows unauthorized access to administrative functionalities.

References

github.com/OneUptime/oneuptime
github.com/OneUptime/oneuptime/commit/14016d23d834038dd65d3a96cf71af04b556a32c
github.com/OneUptime/oneuptime/security/advisories/GHSA-246p-xmg8-wmcq
github.com/advisories/GHSA-246p-xmg8-wmcq
nvd.nist.gov/vuln/detail/CVE-2024-29194

Detect and mitigate CVE-2024-29194 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →