Vulnerability	Vulnerable Version
M Incorrect Authorization @oneuptime/common is a The OneUptime Common UI Library is a collection of shared components, utilities that are used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. This library is built with React and TypeScript. It includes c Affected versions of this package are vulnerable to Incorrect Authorization due to trusting the client-supplied `isMasterAdmin` parameter during login. An attacker can gain access to the admin dashboard interface by intercepting and modifying the `isMasterAdmin` value from false to true. Note: This is only exploitable if the attacker is able to intercept and alter the login response. How to fix Incorrect Authorization? Upgrade `@oneuptime/common` to version 8.0.5567 or higher.	<8.0.5567
H Incorrect Authorization @oneuptime/common is a The OneUptime Common UI Library is a collection of shared components, utilities that are used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. This library is built with React and TypeScript. It includes c Affected versions of this package are vulnerable to Incorrect Authorization via the `user-creation` endpoint which a user can create new accounts through a direct API request. An attacker can gain unauthorized access by sending crafted API requests to create new accounts. How to fix Incorrect Authorization? Upgrade `@oneuptime/common` to version 9.1.0 or higher.	<9.1.0

Incorrect Authorization

@oneuptime/common is a The OneUptime Common UI Library is a collection of shared components, utilities that are used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. This library is built with React and TypeScript. It includes c

Affected versions of this package are vulnerable to Incorrect Authorization due to trusting the client-supplied isMasterAdmin parameter during login. An attacker can gain access to the admin dashboard interface by intercepting and modifying the isMasterAdmin value from false to true.

Note: This is only exploitable if the attacker is able to intercept and alter the login response.

How to fix Incorrect Authorization?

Upgrade @oneuptime/common to version 8.0.5567 or higher.

<8.0.5567

Incorrect Authorization

Affected versions of this package are vulnerable to Incorrect Authorization via the user-creation endpoint which a user can create new accounts through a direct API request. An attacker can gain unauthorized access by sending crafted API requests to create new accounts.

How to fix Incorrect Authorization?

Upgrade @oneuptime/common to version 9.1.0 or higher.

<9.1.0

Go back to all versions of this package