Dockge.Kuma Dockge vulnerabilities
2 known vulnerabilities affecting dockge.kuma/dockge.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2023-49805P3HIGHCVSS 8.8fixed in 1.3.32023-12-11
CVE-2023-49805 [HIGH] CWE-1385 CVE-2023-49805: Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application
Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket (with Socket.io), but it does not verify that the source of communication is valid. This allows third-party website to access the application on behalf of their client. When connecting to the server using Socket.IO, the server does not va
nvd
CVE-2023-49804P3HIGHCVSS 7.8fixed in 1.3.32023-12-11
CVE-2023-49804 [HIGH] CVE-2023-49804: Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, when a user chan
Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, when a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged out. This behavior persists consistently, even after system restarts or browser restarts. This vulnerability allows unauthorized access to user accounts, co
nvd