
5 matches found

GitHub Security Blog
added last week, 8 views

Vantage6: Set admin user and password from environment or configuration

Impact: Vantage6 currently provides an initial user with username root and password root. This is not ideal for the following reasons:
- Attackers know that almost all vantage6 servers have a user with username root that probably has admin rights
- The initial password is very weak and it is...

5.5 AI score
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-52862

Malicious code in bioql PyPI...

8.7 CVSS, 6.6 AI score, 0.00161 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2025/02/05 12:32 a.m., 7 views

CVE-2024-55954

OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint /api/{org_id}/users/{email_id} allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the...

8.7 CVSS, 8.4 AI score, 0.00161 EPSS
Exploits: 0, References: 1
CVE
added 2025/01/16 7:30 p.m., 71 views

CVE-2024-55954

OpenObserve CVE-2024-55954 affects the DELETE /api/{org_id}/users/{email_id} endpoint, where insufficient role checks in remove_user_from_org allow an Admin to remove a Root user. The root cause is improper authorization within the user management endpoint, enabling a non-root to delete a highest...

8.7 CVSS, 8.4 AI score, 0.00161 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/01/16 7:30 p.m., 6 views

CVE-2024-55954 OpenObserve Improper Authorization Allows Admin User to Remove Root User

OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint /api/{org_id}/users/{email_id} allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the...

8.7 CVSS, 8.4 AI score, 0.00161 EPSS
Exploits: 0, References: 2