Openobserve

Openobserve

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.7

CVE-2026-39361

Exploit
  • EPSS 0.03%
  • Veröffentlicht 07.04.2026 19:02:12
  • Zuletzt bearbeitet 14.04.2026 20:28:05

OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validate_enrichment_url function in src/handler/http/request/enrichment_table/mod.rs fails to block IPv6 addresses because Rust's url crate returns them with surrounding...

8.4

CVE-2025-66223

  • EPSS 0.07%
  • Veröffentlicht 29.11.2025 02:45:42
  • Zuletzt bearbeitet 15.04.2026 00:35:42

OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the ...

3.5

CVE-2025-64744

  • EPSS 0.02%
  • Veröffentlicht 13.11.2025 20:30:20
  • Zuletzt bearbeitet 15.04.2026 00:35:42

OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled inp...

8.7

CVE-2024-55954

  • EPSS 0.12%
  • Veröffentlicht 16.01.2025 20:15:32
  • Zuletzt bearbeitet 15.04.2026 00:35:42

OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint `/api/{org_id}/users/{email_id}` allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hie...

6.1

CVE-2024-41809

  • EPSS 0.37%
  • Veröffentlicht 25.07.2024 21:15:11
  • Zuletzt bearbeitet 21.11.2024 09:33:07

OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of `openobserve/web/src/views/MemberSubscription.vue`. Version 0.10.0 sa...

5.4

CVE-2024-41808

Exploit
  • EPSS 1.02%
  • Veröffentlicht 25.07.2024 20:15:05
  • Zuletzt bearbeitet 21.11.2024 09:33:06

The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, ...

8.8

CVE-2024-24830

Exploit
  • EPSS 0.12%
  • Veröffentlicht 08.02.2024 23:15:10
  • Zuletzt bearbeitet 27.08.2025 16:15:33

OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/{org_id}/users" endpoint. This vulnerability allows any authenticate...

6.5

CVE-2024-25106

Exploit
  • EPSS 0.08%
  • Veröffentlicht 08.02.2024 23:15:10
  • Zuletzt bearbeitet 21.11.2024 09:00:16

OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the "/api/{org_id}/users/{email_id}" endpoint. This vulnerability all...