CVE & CISA-KEV Catalog

CVE-2023-49805

MEDIUM
6.0
CVSS v3
NVD

Description

Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket (with Socket.io), but it does not verify that the source of communication is valid. This allows third-party website to access the application on behalf of their client. When connecting to the server using Socket.IO, the server does not validate the `Origin` header leading to other site being able to open connections to the server and communicate with it. Other websites still need to authenticate to access most features, however this can be used to circumvent firewall protections made in place by people deploying the application. Without origin validation, Javascript executed from another origin would be allowed to connect to the application without any user interaction. Without login credentials, such a connection is unable to access protected endpoints containing sensitive data of the application. However, such a connection may allow attacker to further exploit unseen vulnerabilities of the application. Users with "No-auth" mode configured who are relying on a reverse proxy or firewall to provide protection to the application would be especially vulnerable as it would grant the attacker full access to the application. In version 1.23.9, additional verification of the HTTP Origin header has been added to the socket.io connection handler. By default, if the `Origin` header is present, it would be checked against the Host header. Connection would be denied if the hostnames do not match, which would indicate that the request is cross-origin. Connection would be allowed if the `Origin` header is not present. Users can override this behavior by setting environment variable `UPTIME_KUMA_WS_ORIGIN_CHECK=bypass`.

How to fix

Remediation Available
dockgeNVD
Affected:< 1.3.3Fixed in:1.3.3CVE-2023-49805derived from NVD
uptime kumaNVD
Affected:< 1.23.9Fixed in:1.23.9CVE-2023-49805derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityLow
AvailabilityLow

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Exploit Intelligence

0.38%probability of exploitation in 30 days
29thpercentile

Low risk: more likely to be exploited than 29% of all known CVEs.

References

Exploit1
Embed a live status badge for CVE-2023-49805
CVE-2023-49805 severity badge

Markdown

[![CVE-2023-49805](https://tridentstack.com/cve/badge/CVE-2023-49805.svg)](https://tridentstack.com/cve/CVE-2023-49805)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-49805"><img src="https://tridentstack.com/cve/badge/CVE-2023-49805.svg" alt="CVE-2023-49805"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.