CVE-2026-27574
OneUptime · OneUptime
A sandbox escape in OneUptime allows users with low privileges or anonymous access to execute arbitrary code and gain full access to cluster credentials and environment variables.
Executive summary
A critical sandbox escape vulnerability in OneUptime allows unauthenticated or low-privileged users to achieve full cluster compromise and steal sensitive infrastructure credentials within seconds.
Vulnerability
This vulnerability stems from running custom JavaScript monitors inside the node:vm module. node:vm is not a security boundary (Node's own documentation states it is not a security mechanism and must not run untrusted code), so the sandbox can be escaped trivially. Exploitation is possible by unauthenticated users if open registration is enabled, or by authenticated users holding the "ProjectMember" role.
Business impact
A successful exploit grants an attacker full access to the underlying process and host networking. This results in the immediate exposure of critical secrets, including ONEUPTIME_SECRET, DATABASE_PASSWORD, REDIS_PASSWORD, and CLICKHOUSE_PASSWORD. Given the CVSS score of 9.9, this represents a total loss of confidentiality, integrity, and availability for the entire monitoring cluster.
Remediation
Immediate Action: Administrators must upgrade OneUptime to version 10.0.5 or later without delay; that release resolves the insecure code execution path.
Proactive Monitoring: Review system environment logs and audit project member activity for any unauthorized custom JavaScript monitors created prior to patching.
Compensating Controls: Disable open registration and restrict the "ProjectMember" role's ability to create custom monitors until the environment is fully patched.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The severity of this flaw cannot be overstated, as it provides a direct path from low-privileged access to full infrastructure control. Organizations using OneUptime must prioritize the update to version 10.0.5 immediately to prevent catastrophic data breaches and system takeover.