CNNVD-202511-2849 Information

CNNVD ID

CNNVD-202511-2849

CVE-2025-66028

  • CNNVD Published: 2025-11-26

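Description (translated from Chinese)

OneUptime is a comprehensive open-source solution from OneUptime for monitoring and managing your online services. Versions of OneUptime before 8.0.5567 contain an access control error vulnerability that stems from login response manipulation and may lead to privilege escalation.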

Description (English)

OneUptime is a comprehensive open-source solution for monitoring and managing your online services. OneUptime versions before 8.0.5567 have an access control flaw that stems from login response manipulation and may lead to privilege escalation.

Hazard Level

High

Vulnerability Type

Access control error

Affected Vendor

OneUptime

Published

2025-11-26

Last Modified

2026-02-24

References

https://github.com/OneUptime/oneuptime/security/advisories/GHSA-675q-66gf-gqg8

https://github.com/OneUptime/oneuptime/commit/3e72b2a9a4f50f98cf1f6cf13fa3e405715bb370

https://access.redhat.com/security/cve/cve-2025-66028

Patch

https://github.com/OneUptime/oneuptime/releases
