CNNVD-202511-2854 Information

CNNVD ID

CNNVD-202511-2854

Related CVE

CVE-2025-65966

• CNNVD Published: 2025-11-26

Description (Chinese)

OneUptime是OneUptime开源的一个全面的解决方案。用于监控和管理您的在线服务。 OneUptime 9.0.5598版本存在授权问题漏洞，该漏洞源于低权限用户可以通过直接API请求创建新账户，可能导致绕过预期的接口限制。

Description (English)

OneUptime is a comprehensive solution for oneUptime open source. To monitor and manage your online services. OneUptime version 9.05.5598 has a mandate gap, which stems from the fact that low-authority users can request the creation of new accounts through direct API, which may result in circumventing the expected interface limitations.

Hazard Level

Medium

Vulnerability Type

授权问题

Affected Vendor

OneUptime

Published

2025-11-26

Last Modified

2026-02-24

References

https://github.com/OneUptime/oneuptime/security/advisories/GHSA-m449-vh5f-574g https://access.redhat.com/security/cve/cve-2025-65966

Patch

https://github.com/OneUptime/oneuptime/releases