CVE-2024-55954

OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint /api/{org_id}/users/{email_id} allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the high...

CVE-2024-41808

The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. It...