Oneuptime · Oneuptime · CVE-2024-29194
**Name of the Vulnerable Software and Affected Versions**
OneUptime versions prior to 7.0.1815
**Description**
The issue lies in the improper validation of client-side stored data within the web application. Specifically, the `is master admin` key, stored in the browser's local storage, can be manipulated by an attacker. If this key is changed from false to true, the application grants administrative privileges to the user without proper server-side validation. This allows unauthorized access to administrative functionality and represents a high security risk. An attacker could see the list of users who signed up to OneUptime.
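The pattern described above, as an added example that is not OneUptime's code: an endpoint that trusts a client-asserted admin flag beside one that derives the role from server-side session state. The session store, request shape, header name and handler names are hypothetical and constructed for the illustration.

```javascript
// Added example (not OneUptime's code): the same admin check done the
// vulnerable way (trusting a client-stored flag) and the hardened way
// (deriving the role from server-side session state). All names are
// hypothetical; the session store and requests are constructed inline.

// Server-side session store: the only source of truth for roles.
// Constructed sample data; a real store would be a database or cache.
const sessions = new Map([
  ['sess-admin-001', { userId: 'u1', isMasterAdmin: true }],
  ['sess-user-002', { userId: 'u2', isMasterAdmin: false }],
]);

// Vulnerable pattern: the browser reads `is master admin` from
// localStorage and sends it along; the server believes whatever it says.
function listUsersVulnerable(req) {
  if (req.headers['x-is-master-admin'] === 'true') {
    return { status: 200, body: ['u1', 'u2'] };
  }
  return { status: 403, body: 'forbidden' };
}

// Hardened pattern: the role comes from the server-side session looked
// up by the session cookie; anything the client asserts is ignored.
// Hiding the admin menu client-side is fine for UX, never for authorization.
function listUsersHardened(req) {
  const session = sessions.get(req.cookies.session);
  if (!session || !session.isMasterAdmin) {
    return { status: 403, body: 'forbidden' };
  }
  return { status: 200, body: ['u1', 'u2'] };
}

// Helper: build a request from a session cookie and a client-asserted flag.
function makeRequest(sessionId, clientFlag) {
  return {
    cookies: { session: sessionId },
    headers: { 'x-is-master-admin': clientFlag },
  };
}

// Demo: a non-admin session whose client-side flag was flipped to "true".
const forged = makeRequest('sess-user-002', 'true');
console.log('vulnerable:', listUsersVulnerable(forged).status); // 200
console.log('hardened:', listUsersHardened(forged).status); // 403
```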
**Recommendations**
For versions prior to 7.0.1815, update to version 7.0.1815 to resolve the issue. As a temporary workaround, consider restricting access to the `is master admin` key in the local storage to minimize the risk of exploitation.