CVE-2026-32598

Description

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log aggregation, Docker logs, Kubernetes pod logs) can intercept reset tokens and perform account takeover on any user. This vulnerability is fixed in 10.0.24.

CVSS Details

CVSS Score

6.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:hackerbay:oneuptime:*:*:*:*:*:*:*:* - VULNERABLE

OneUptime < 10.0.24

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

暂无公开PoC

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-32598
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-32598
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-32598/
[4] VulDB https://vuldb.com/cve/CVE-2026-32598
[5] https://github.com/OneUptime/oneuptime/security/advisories/GHSA-4524-cj9j-g4fj

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-32598", "sourceIdentifier": "[email protected]", "published": "2026-03-13T19:55:09.670", "lastModified": "2026-03-17T20:06:09.410", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs (log aggregation, Docker logs, Kubernetes pod logs) can intercept reset tokens and perform account takeover on any user. This vulnerability is fixed in 10.0.24."}, {"lang": "es", "value": "OneUptime es una solución para monitorear y gestionar servicios en línea. Antes de la versión 10.0.24, el flujo de restablecimiento de contraseña registra la URL completa de restablecimiento de contraseña — que contiene el token de restablecimiento en texto plano — en el nivel de registro INFO, el cual está habilitado por defecto en producción. Cualquiera con acceso a los registros de la aplicación (agregación de registros, registros de Docker, registros de pods de Kubernetes) puede interceptar los tokens de restablecimiento y realizar una toma de control de cuenta de cualquier usuario. Esta vulnerabilidad está corregida en la versión 10.0.24."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-532"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hackerbay:oneuptime:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.24", "matchCriteriaId": "7C58DC8F-5DF0-4005-9C60-32DA10DF1059"}]}]}], "references": [{"url": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-4524-cj9j-g4fj", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}