69 matches found
CVE-2026-39361
OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validate_enrichment_url function in src/handler/http/request/enrichment_table/mod.rs fails to block IPv6 addresses because Rust's url crate returns them with surrounding brackets, e.g. "[::1]" not "::1". An authenticated...
CVE-2026-39361
OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validate_enrichment_url function in src/handler/http/request/enrichment_table/mod.rs fails to block IPv6 addresses because Rust's url crate returns them with surrounding brackets, e.g. "[::1]" not "::1". An authenticated...
EUVD-2026-19869
OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validate_enrichment_url function in src/handler/http/request/enrichment_table/mod.rs fails to block IPv6 addresses because Rust's url crate returns them with surrounding brackets, e.g. "[::1]" not "::1". An authenticated...
CVE-2026-39361 OpenObserve has a SSRF Protection Bypass via IPv6 Bracket Notation in validate_enrichment_url
OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validate_enrichment_url function in src/handler/http/request/enrichment_table/mod.rs fails to block IPv6 addresses because Rust's url crate returns them with surrounding brackets, e.g. "[::1]" not "::1". An authenticated...
CVE-2026-39361 OpenObserve has a SSRF Protection Bypass via IPv6 Bracket Notation in validate_enrichment_url
OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validate_enrichment_url function in src/handler/http/request/enrichment_table/mod.rs fails to block IPv6 addresses because Rust's url crate returns them with surrounding brackets, e.g. "[::1]" not "::1". An authenticated...
CVE-2026-39361
OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validate_enrichment_url function in src/handler/http/request/enrichment_table/mod.rs fails to block IPv6 addresses because Rust's url crate returns them with surrounding brackets, e.g. "[::1]" not "::1". An authenticated...
CVE-2026-39361
OpenObserve (cloud-native observability platform)
OpenObserve Code Issue Vulnerability
OpenObserve is an open-source cloud-native observability platform. Versions of OpenObserve prior to 0.70.3 have code vulnerabilities that stem from failed IPv6 address verification. This vulnerability could allow authenticated attackers to access internal services...
PT-2026-30984
OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validate_enrichment_url function in src/handler/http/request/enrichment_table/mod.rs fails to block IPv6 addresses because Rust's url crate returns them with surrounding brackets, e.g. "[::1]" not "::1". An authenticate...
CVE-2024-41808
The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. ...
CVE-2024-41809
OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of openobserve/web/src/views/MemberSubscription.vue. Version 0.10.0 sanitizes incoming html...
CVE-2025-66223
OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same email with different roles where all issue...
CVE-2025-66223
OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same email with different roles where all issue...
CVE-2025-66223 OpenObserve's Invite Token Lifecycle Misconfiguration
OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same email with different roles where all issue...
CVE-2025-66223 OpenObserve's Invite Token Lifecycle Misconfiguration
OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same email with different roles where all issue...
CVE-2025-66223
OpenObserve (cloud-native observability platform) before v0.16.0 is affected by an access-control issue in the invitation token lifecycle. Tokens did not expire, remained valid after a user was removed, and allowed multiple invitations to the same email with different roles—resulting in a removed...
CVE-2025-66223 OpenObserve's Invite Token Lifecycle Misconfiguration
OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same email with different roles where all issue...
PT-2025-48364
OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same email with different roles where all issue...
OpenObserve Code Issue Vulnerability
OpenObserve is a cloud-native observability platform open-sourced by OpenObserve. A code issue vulnerability exists in OpenObserve versions prior to 0.16.0 that stems from improper management of an organization's invitation tokens, which could lead to access control failures...
CVE-2025-64744
OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled input is inserted into the email template without...