OneUptime Unauthenticated Workflow Execution Vulnerability in Worker Service ManualAPI

Vulnerability

A vulnerability exists in OneUptime versions prior to 10.0.42, where the Worker service's ManualAPI exposes workflow execution endpoints without authentication. An attacker who guesses or otherwise obtains a workflow ID can trigger that workflow with attacker-controlled input data. Exploitation could lead to unauthorized execution of JavaScript code, abuse of notification systems, and manipulation of data within the application.

Impact

Exploitation of this vulnerability allows for unauthorized execution of workflows, which can include running JavaScript code, manipulating data, and abusing notification systems by triggering false alerts or spam.

Reproduction

The vulnerability can be reproduced by sending an unauthenticated POST request to the '/workflow/manual/run/:workflowId' endpoint with a workflow ID and attacker-controlled data, using a tool such as curl or Postman. If the request is processed successfully without any credentials, the endpoint is confirmed to lack authentication.

Remediation

Users are advised to update to OneUptime version 10.0.42 or later, where this vulnerability has been patched.
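A defender-side check derived from the Reproduction and Remediation sections, added here as an example that is not part of the advisory or of OneUptime's own code: it scans reverse-proxy access logs for POSTs to the manual-run endpoint that were accepted without credentials (a patched instance, 10.0.42 or later, should reject them) and counts anonymous attempts per source address as an ID-guessing indicator. The combined log format, the assumption that the user field reads '-' for anonymous requests, and every sample line and workflow ID are constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Combined-log-format line as a reverse proxy in front of the Worker service
# might write it (ASSUMPTION: the third field carries the authenticated user,
# or '-' when the request carried no credentials; adapt to your proxy's format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
# The endpoint named in the advisory: /workflow/manual/run/:workflowId
MANUAL_RUN_RE = re.compile(r'^/workflow/manual/run/(?P<workflow_id>[^/?]+)')

@dataclass
class Finding:
    ip: str
    workflow_id: str
    status: int

def parse_manual_runs(lines):
    """Yield (ip, user, workflow_id, status) for every POST to the manual-run path."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m['method'] != 'POST':
            continue
        p = MANUAL_RUN_RE.match(m['path'])
        if p:
            yield m['ip'], m['user'], p['workflow_id'], int(m['status'])

def unauthenticated_executions(lines):
    """Anonymous POSTs the service accepted (2xx). On a patched instance
    (10.0.42 or later) these should be rejected, so any hit needs review."""
    return [Finding(ip, wid, st) for ip, user, wid, st in parse_manual_runs(lines)
            if user == '-' and 200 <= st < 300]

def anonymous_attempts_by_ip(lines):
    """Anonymous manual-run POSTs per source, any status; a burst of 404s
    from one address is consistent with workflow-ID guessing."""
    return Counter(ip for ip, user, _, _ in parse_manual_runs(lines) if user == '-')

# Constructed sample lines (not real traffic); the workflow IDs are placeholders.
SAMPLE_LOG = [
    '203.0.113.10 - - [02/Apr/2026:21:52:01 +0000] "POST /workflow/manual/run/wf-placeholder-1 HTTP/1.1" 200 312',
    '203.0.113.10 - - [02/Apr/2026:21:52:02 +0000] "POST /workflow/manual/run/wf-placeholder-2 HTTP/1.1" 404 52',
    '198.51.100.7 - alice [02/Apr/2026:21:53:10 +0000] "POST /workflow/manual/run/wf-placeholder-1 HTTP/1.1" 200 312',
    '203.0.113.10 - - [02/Apr/2026:21:54:00 +0000] "GET /status HTTP/1.1" 200 17',
    '203.0.113.10 - - [02/Apr/2026:21:55:00 +0000] "POST /workflow/manual/run/wf-placeholder-1 HTTP/1.1" 401 31',
]
```

Running `unauthenticated_executions(SAMPLE_LOG)` flags only the first line (anonymous, accepted with 200); `anonymous_attempts_by_ip(SAMPLE_LOG)` attributes three anonymous attempts to 203.0.113.10, including the 404 and the post-patch-style 401.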

Added: Apr 2, 2026, 9:52 PM
Updated: Apr 2, 2026, 9:52 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          2.5
  exploitability  7.4
  remediation     0.0
  relevance       5.1
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.