Impact
The flaw is an incorrect access control in statping-ng 0.93.0 that lets an attacker gain administrator privileges, enabling them to change configuration, read logs, or manipulate monitored services. This breach threatens confidentiality, integrity, and availability, and is classified as CWE-284. Based on the description, the attacker would need to reach the statping-ng service and send a request that bypasses normal access control checks; this is likely achieved via its web interface or API.
Affected Systems
The vulnerable product is statping-ng version 0.93.0, which is used for self-hosted monitoring and status pages. Any installation running this exact version may be compromised, but no vendor details are provided.
Risk and Exploitability
With a CVSS score of 8.8 the vulnerability is high severity. The EPSS score is below 1 %, indicating a low current exploitation probability, and it is not listed in CISA KEV. The flaw does not require special privileges beyond the baseline user level, and the mitigation path would likely involve remote interaction over HTTP(S). Attackers could elevate privileges by bypassing authentication rules in the app.
OpenCVE Enrichment