4 matches found
CVE-2022-0191
The Ad Invalid Click Protector AICP WordPress plugin before 1.2.7 does not have CSRF check deleting banned users, which could allow attackers to make a logged in admin remove arbitrary bans...
CVE-2024-25106
OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the "/api/orgid/users/emailid" endpoint. This vulnerability allows any authenticated user within an organization to...
CVE-2024-25106
OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the "/api/orgid/users/emailid" endpoint. This vulnerability allows any authenticated user within an organization to...
CVE-2024-25106
OpenObserve CVE-2024-25106 affects OpenObserve versions prior to 0.8.0. The issue is an Authorization flaw in the remove_user_from_org flow exposed at /api/{org_id}/users/{email_id}, allowing any authenticated organizational member to remove any other member (including Admin/Root), due to insuffi...