CVE-2023-44400
published 2023-10-09


Priority: P3 (40)
CVSS 3.1: 7.8 (high)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.27% (18.3th percentile)

Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue.

Affected

5 ranges
Vendor | Product | Version range | Fixed in
dockge.kuma | dockge | < 1.3.3 | 1.3.3
louislam | uptime-kuma | < 1.23.9 | 1.23.9
louislam | uptime-kuma | >= 0 < 1.23.3 | 1.23.3
uptime.kuma | uptime_kuma | < 1.23.9 | 1.23.9
uptime.kuma | uptime_kuma | < 1.23.3 | 1.23.3