OneUptime Authorization Bypass Vulnerability in UserWhatsApp Resend Verification Endpoint
Vulnerability
An authorization bypass vulnerability has been identified in OneUptime version 10.0.21 and prior. The issue resides in the 'resend-verification-code' endpoint of the UserWhatsAppAPI: any authenticated user can request a verification code for any UserWhatsApp record by ID, because the endpoint does not check that the record belongs to the requesting user. This is a missing ownership (object-level authorization) check. A victim's phone number can be spammed with verification codes, which creates social-engineering pressure and can lead to lockouts caused by repeated verification requests.
Impact
Exploitation of this vulnerability could result in a victim's phone number being spammed with verification codes, creating social-engineering pressure and potential lockout situations due to repeated resends.
Reproduction
To reproduce this vulnerability, an authenticated user sends a POST request to the 'resend-verification-code' endpoint with an 'itemId' that corresponds to a victim's UserWhatsApp record. The request must carry an authorization header with a valid access token for the authenticated user; no token or session belonging to the victim is needed.
Remediation
Users are advised to update to OneUptime version 10.0.21 or later, where this vulnerability has been patched.
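The defect is a resend handler that looks up the record by 'itemId' and acts on it without comparing the record's owner to the authenticated caller. The following TypeScript illustration is added here and is not OneUptime's own code: it models the endpoint with an in-memory store, shows the vulnerable shape beside a hardened one that enforces ownership and caps resends, and uses constructed sample records. The record fields (userId, phone, resendCount), the request shape and the resend cap are assumptions made for the example; only the names UserWhatsApp and itemId come from the advisory.

```typescript
// Added illustration, not OneUptime's own code. Field names other than
// UserWhatsApp and itemId are assumptions; the store contents are constructed.

interface UserWhatsApp {
  id: string;        // the itemId sent by the client
  userId: string;    // owner of the record
  phone: string;     // number that receives the verification code
  resendCount: number;
}

interface ResendRequest {
  authenticatedUserId: string; // identity derived from the access token
  body: { itemId: string };
}

interface Result {
  status: number;
  message: string;
}

// Constructed sample data: two users, one UserWhatsApp record each.
function makeStore(): Map<string, UserWhatsApp> {
  return new Map<string, UserWhatsApp>([
    ["wa-1", { id: "wa-1", userId: "user-a", phone: "+10000000001", resendCount: 0 }],
    ["wa-2", { id: "wa-2", userId: "user-b", phone: "+10000000002", resendCount: 0 }],
  ]);
}

// Simulated delivery: a real service would hand record.phone to a WhatsApp provider.
function sendCode(record: UserWhatsApp): void {
  record.resendCount += 1;
}

// Vulnerable shape: the record is fetched by itemId and used as-is, so any
// authenticated caller can trigger a code to any phone number in the table.
function resendVulnerable(req: ResendRequest, store: Map<string, UserWhatsApp>): Result {
  const record = store.get(req.body.itemId);
  if (!record) {
    return { status: 404, message: "record not found" };
  }
  sendCode(record);
  return { status: 200, message: "verification code sent" };
}

// Hardened shape: the lookup is scoped to the caller, and a per-record cap
// limits how many codes can be pushed to one phone. Unknown and not-owned
// records get the same 404 so the endpoint does not reveal which ids exist.
function resendHardened(
  req: ResendRequest,
  store: Map<string, UserWhatsApp>,
  maxResends: number = 3, // assumed cap for the example
): Result {
  const record = store.get(req.body.itemId);
  if (!record || record.userId !== req.authenticatedUserId) {
    return { status: 404, message: "record not found" };
  }
  if (record.resendCount >= maxResends) {
    return { status: 429, message: "resend limit reached" };
  }
  sendCode(record);
  return { status: 200, message: "verification code sent" };
}
```

In a real service the scoped lookup is best expressed in the data-access layer (query by both id and userId) rather than as a post-fetch comparison, so that every caller of the lookup inherits the check. The resend cap belongs alongside it: an ownership check stops cross-user abuse, but a user can still hammer their own number, and rate limiting is what keeps repeated resends from becoming a lockout.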
