6 matches found

Veracode
added 2026/05/06 5:22 p.m., 15 views

Privilege Escalation

@oneuptime/common is vulnerable to privilege escalation. The vulnerability is due to improper validation of the isMasterAdmin parameter in the login response, which allows an attacker to manipulate its value and gain unauthorized access to the admin dashboard...

CVSS 8.2, AI score 5.8, EPSS 0.00259
Exploits: 1, References: 3, Affected Software: 1

EUVD
added 2025/11/26 6:11 p.m., 3 views

EUVD-2025-199750

OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privilege escalation via Login Response Manipulation. During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying...

CVSS 6.9, AI score 6.7, EPSS 0.00259
Exploits: 1, References: 2

CVE
added 2025/11/26 6:11 p.m., 14 views

CVE-2025-66028

CVE-2025-66028 affects OneUptime before version 8.0.5567. The vulnerability arises from login response handling where a parameter named isMasterAdmin could be manipulated from false to true, enabling access to the admin dashboard interface. While the description notes that the attacker may still ...

CVSS 8.2, AI score 6.9, EPSS 0.00259
Exploits: 1, References: 2, Affected Software: 1

Github Security Blog
added 2025/11/25 10:55 p.m., 5 views

OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation

Summary: During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying this parameter value from false to true, a user is able to gain access to the admin dashboard interface. However, despite accessing the admin panel, the user does not hav...

CVSS 8.2, AI score 7, EPSS 0.00259
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2025/11/25 10:55 p.m., 3 views

GHSA-675Q-66GF-GQG8 OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation

Summary: During the login process, the server response included a parameter called isMasterAdmin. By intercepting and modifying this parameter value from false to true, a user is able to gain access to the admin dashboard interface. However, despite accessing the admin panel, the user does not hav...

CVSS 6.9, AI score 6.9, EPSS 0.00259
Exploits: 1, References: 4

Positive Technologies
added 2025/11/25 12:0 a.m., 6 views

PT-2025-48172

Name of the Vulnerable Software and Affected Versions: OneUptime versions prior to 8.0.5567. Description: OneUptime, a service monitoring solution, contains a flaw that allows for privilege escalation. By altering the isMasterAdmin parameter within the login response, an attacker can potentially gai...

CVSS 8.2, AI score 6.6, EPSS 0.00259
Exploits: 1, References: 12