CVE-2024-25106 | OpenObserve up to 0.7.x {email_id} access control (GHSA-3m5f-9m66-xgp7)

Inserito da Angelo Barbosa | Feb 9, 2024 | CVE

A vulnerability has been found in OpenObserve up to 0.7.x and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/{org_id}/users/{email_id}. The manipulation leads to improper access controls.

This vulnerability is known as CVE-2024-25106. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-25106 | OpenObserve up to 0.7.x {email_id} access control (GHSA-3m5f-9m66-xgp7)

Post correlati

CVE-2023-6338 | Lenovo Universal Device Client prior 23.10 uncontrolled search path

CVE-2024-29824 | Ivanti Endpoint Manager RecordGoodApp sql injection

CVE-2024-38294 | ALCASAR up to 3.6.0 email_registration_back.php Privilege Escalation

CVE-2023-50722 | XWiki Platform Admin Section cross site scripting (GHSA-cp3j-273x-3jxc)