3 matches found
CVE-2023-49805
creationtimestamp| type| source ---|---|--- 2024-01-01 15:07:01+00:00| seen| https://t.me/ctinow/161329...
CVE-2023-49805
Uptime Kuma prior to version 1.23.9 is vulnerable to missing origin validation in Socket.IO WebSocket connections. The server does not verify the Origin header, allowing cross-origin access from third-party sites and potential exposure of sensitive data in protected endpoints, even without user i...
CVE-2023-49805 Uptime Kuma Missing Origin Validation in WebSockets
Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket with Socket.io, but it does not verify that the source of communication is valid. This allows third-party website to access the application on behalf of their client. When connecting...