Design/Logic Flaw

OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/orgid/users" endpoint. This vulnerability allows any authenticated regular user 'member' to add new users with...

CVE-2024-25106

OpenObserve CVE-2024-25106 affects OpenObserve versions prior to 0.8.0. The issue is an Authorization flaw in the remove_user_from_org flow exposed at /api/{org_id}/users/{email_id}, allowing any authenticated organizational member to remove any other member (including Admin/Root), due to insuffi...

Oracle ZFS Storage Appliance Input Validation Error Vulnerability

Oracle ZFS Storage Appliance is a storage appliance that supports flash memory, petabyte file storage and built-in Oracle database from Oracle USA. A security vulnerability exists in Oracle ZFS Storage Appliance Kit version 8.8, which stems from a vulnerability that allows an elevated-privilege...

IBM Spectrum Scale Unauthorized Operation Vulnerability

IBM Spectrum Scale is a scalable data and file management solution from IBM USA based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product supports helping clients reduce storage costs while improving security and management efficiency in...