3 matches found
CVE-2024-24830
OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/orgid/users" endpoint. This vulnerability allows any authenticated regular user 'member' to add new users with...
CVE-2024-24830 OpenObserve Privilege Escalation Vulnerability in Users API
OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/orgid/users" endpoint. This vulnerability allows any authenticated regular user 'member' to add new users with...
CVE-2024-24830
CVE-2024-24830 affects OpenObserve. The vulnerability lies in the "/api/{org_id}/users" endpoint, where the payload allows an authenticated regular user (member) to create new users with elevated privileges, including the root role. The root cause is that the user creation process does not valida...