This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: OneUptime suffers from **OS Command Injection** (CWE-78).β¦
π‘οΈ **Root Cause**: Flaw in `NetworkPathMonitor.performTraceroute()`. π **Flaw**: The code fails to sanitize the **Target Field** input, allowing shell metacharacters to be injected directly into system commands. β οΈ
π **Auth Required**: **YES**. βοΈ **Threshold**: Low. Requires only **authenticated project user** status. No UI interaction needed (UI:N). π―
Q6Is there a public Exp? (PoC/Wild Exploitation)
π« **Public Exp**: **No**. The `pocs` array is empty in the provided data. π΅οΈββοΈ **Status**: No known wild exploitation reported yet. π
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for OneUptime instances running version **10.0.6 or lower**. π οΈ **Feature**: Look for the `NetworkPathMonitor` traceroute functionality. π‘
Q8Is it fixed officially? (Patch/Mitigation)
β **Fixed**: **YES**. π οΈ **Patch**: Update to **OneUptime 10.0.7** or later. π **Ref**: See GitHub Advisory GHSA-jmhp-5558-qxh5. π
Q9What if no patch? (Workaround)
π§ **Workaround**: If unpatched, **disable** the `NetworkPathMonitor` traceroute feature. π« **Restrict**: Limit access to the monitoring interface to trusted IPs only. π‘οΈ
Q10Is it urgent? (Priority Suggestion)
π₯ **Urgency**: **HIGH**. π **CVSS**: 9.8 (Critical). π¨ **Priority**: Patch immediately. Even with auth, the impact is total system takeover. β³