70 matches found
CVE-2024-55954 OpenObserve Improper Authorization Allows Admin User to Remove Root User
OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint /api/{org_id}/users/{email_id} allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the...
OpenObserve Security Vulnerability
OpenObserve is a cloud-native observability platform open-sourced by OpenObserve. A security vulnerability exists in OpenObserve versions prior to 0.14.1, which stems from insufficient role checking in the user management endpoint /api/{org_id}/users/{email_id}, which violates a predetermined permissio...
CVE-2024-41809
OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of openobserve/web/src/views/MemberSubscription.vue. Version 0.10.0 sanitizes incoming html...
CVE-2024-41809 OpenObserve Cross-site Scripting (XSS) vulnerability in `openobserve/web/src/views/MemberSubscription.vue`
OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of openobserve/web/src/views/MemberSubscription.vue. Version 0.10.0 sanitizes incoming html...
CVE-2024-41809
CVE-2024-41809 OpenObserve XSS: The OpenObserve platform contains a cross-site scripting vulnerability in the file openobserve/web/src/views/MemberSubscription.vue (line 32) present in versions before 0.10.0. The issue is fixed in 0.10.0, which sanitizes incoming HTML. Several connected sources ...
CVE-2024-41808
The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. ...
CVE-2024-41808 OpenObserve stored XSS vulnerability may lead to complete account takeover
The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. ...
CVE-2024-41808
CVE-2024-41808 concerns the OpenObserve open‑source observability platform. Multiple connected sources confirm that versions through 0.9.1 do not sufficiently sanitize user input in the log filter selection menu, creating a path to a full account takeover when combined with insecure frontend auth...
PT-2024-29574 · Dompurify +2 · Dompurify +2
Name of the Vulnerable Software and Affected Versions: OpenObserve versions through 0.9.1 Description: The OpenObserve open-source observability platform has a security issue where it does not sanitize user input in the filter selection menu, potentially leading to complete account takeover. The...
OpenObserve Security Vulnerability
OpenObserve is a cloud-native observability platform open-sourced by OpenObserve. A security vulnerability exists in OpenObserve version 0.9.1 and prior versions, stemming from a failure to sanitize user input in the filter selection menu, which could lead to a complete account takeover...
PT-2024-29575 · Unknown · Openobserve
Name of the Vulnerable Software and Affected Versions: OpenObserve versions 0.4.4 through 0.9.x Description: OpenObserve is an open-source observability platform that contains a cross-site scripting issue in the openobserve/web/src/views/MemberSubscription.vue file, specifically in line 32. The...
OpenObserve Security Vulnerability
OpenObserve is a cloud-native observability platform open-sourced by OpenObserve. A security vulnerability exists in OpenObserve versions prior to 0.4.4 through 0.10.0, which stems from a cross-site scripting vulnerability at line 32 of openobserve/web/src/views/MemberSubscription.vue...
A vulnerability in the `remove_user_from_org(/api/{org_id}/users/{email_id})` function of OpenObserve, a monitoring platform for logs, metrics, and traces, allows an attacker to circumvent existing security restrictions and delete users from the system.
The vulnerability in the `remove_user_from_org(/api/{org_id}/users/{email_id})` function of OpenObserve, a monitoring platform for logs, metrics, and traces, is related to improper access control. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions and...
CVE-2024-25106
OpenObserve is an observability platform built specifically for logs, metrics, traces, and analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the "/api/{org_id}/users/{email_id}" endpoint. This vulnerability allows any authenticated user within an organization to...
CVE-2024-24830
OpenObserve is an observability platform built specifically for logs, metrics, traces, and analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/{org_id}/users" endpoint. This vulnerability allows any authenticated regular user 'member' to add new users with...
Design/Logic Flaw
OpenObserve is an observability platform built specifically for logs, metrics, traces, and analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/{org_id}/users" endpoint. This vulnerability allows any authenticated regular user 'member' to add new users with...