PT-2023-31362 · Unknown · Uptime Kuma

Dj4Oc · Published 2023-10-10 · Updated 2023-12-14 · CVE-2023-49804

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Uptime Kuma versions prior to 1.23.9

Description: The issue allows unauthorized access to user accounts, compromising the security of sensitive information. When a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged out. This behavior persists consistently, even after system restarts or browser restarts. To mitigate the risks associated with this issue, the maintainers made the server emit a refresh event and then disconnect all clients except the one initiating the password change.

Recommendations: Update Uptime Kuma to version 1.23.9 or later. As a temporary workaround, consider restricting access to sensitive information until the update is applied.

Exploit

Fix

Session Fixation

Weakness Enumeration

Related Identifiers

CVE-2023-49804
GHSA-88J4-PCX8-Q4Q3
GHSA-G9V2-WQCJ-J99G

Affected Products

Uptime Kuma