CVE-2024-42368 open-telemetry has an Observable Timing Discrepancy

OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. The bearertokenauth extension's server authenticator performs a simple, non-constant time string...

A Bootiful Podcast: Observability legend Jonatan Ivanov on the latest and greatest in Micrometer

Hi, Spring fans! In this installment we talk to observability legend Jonatan Ivanov about the latest and greatest in the wide and wonderful world of observability. Turns out a library that's used by countless projects including and beyond the Spring ecosystem keeps quite busy!...

CVE-2024-41809

OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of openobserve/web/src/views/MemberSubscription.vue. Version 0.10.0 sanitizes incoming html...

CVE-2024-41809

CVE-2024-41809 OpenObserve XSS : The OpenObserve platform contains a cross-site scripting vulnerability in the file openobserve/web/src/views/MemberSubscription.vue (line 32) present in versions before 0.10.0. The issue is fixed in 0.10.0, which sanitizes incoming HTML. Several connected sources ...

CVE-2024-41808

CVE-2024-41808 concerns the OpenObserve open‑source observability platform. Multiple connected sources confirm that versions through 0.9.1 do not sufficiently sanitize user input in the log filter selection menu, creating a path to a full account takeover when combined with insecure frontend auth...

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 277. Vulnerability Details CVEID:CVE-2023-47038 DESCRIPTION: Perl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the user-defined...

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 277 Vulnerability Details CVEID:CVE-2022-40152 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote...

Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 277 Vulnerability Details CVEID:CVE-2024-37890 DESCRIPTION: Node.js ws module is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted reques...

This Week in Spring - July 16th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the middle of July! I can't believe it! Things have been just rushing by! did you see this awesome talk on observability by Tommy Ludwig and Jonatan Ivanov from Spring IO 2024? What is a ReadWriteLock? Spring for GraphQL...

ROS-20240716-01

OpenSearch software package vulnerability related to unintentional access to resources of of users in the Dashboards Reports plugin. Exploitation of the vulnerability could allow an attacker to compromise the integrity of data. impact data integrity OpenSearch software package vulnerability relat...

OpenSearch Observability does not properly restrict access to private tenant resources

Summary An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. Impact The la...

GHSA-77VC-RJ32-2R33 OpenSearch Observability does not properly restrict access to private tenant resources

Summary An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. Impact The la...

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 275. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially...

CVE-2024-39901

OpenSearch Observability is collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...

CVE-2024-39901 OpenSearch Observability does not properly restrict access to private tenant resources

OpenSearch Observability is collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...

CVE-2024-39901

OpenSearch Observability plugins contain an access-control flaw that may allow users to access private tenant resources (e.g., notebooks) without verifying they are the resource author. Root cause: improper validation of the resource author when accessing private-tenant resources. Impact noted ac...

CVE-2024-39901 OpenSearch Observability does not properly restrict access to private tenant resources

OpenSearch Observability is collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...

CVE-2024-39901 OpenSearch Observability does not properly restrict access to private tenant resources

OpenSearch Observability is collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...

Security Bulletin: IBM Instana Observability is vulnerable to Improper Input Validation due to Apache Avro Java SDK

Summary Vulnerability in Apache Avro Java SDK was remediated in IBM Observability with Instana Build 275. CVE-2023-39410 Vulnerability Details CVEID:CVE-2023-39410 DESCRIPTION: Apache Avro Java SDK could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an...

BIT-HUBBLE-UI-BACKEND-2023-27594

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which...