QwikSec

Security Database

CVE

CWE

Training

CVE-2024-41809

Published: Jul 25, 2024

Modified: Aug 12, 2024

PUBLISHED

CVSS v3.1

7.2

HIGH

Description

OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of `openobserve/web/src/views/MemberSubscription.vue`. Version 0.10.0 sanitizes incoming html.

Vendor	Product	Versions
openobserve	openobserve	affected `>= 0.4.4, < 0.10.0`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

References

https://github.com/openobserve/openobserve/security/advisories/GHSA-rw8w-37p9-mrrp

x_refsource_CONFIRM

https://github.com/openobserve/openobserve/commit/2334377ebc8b74beb06ab3e5712dbdb1be1eff02

x_refsource_MISC

https://github.com/openobserve/openobserve/commit/64587261968217dfb8af4c4f6054d58bbc6d331d

x_refsource_MISC

https://github.com/openobserve/openobserve/blob/v0.5.2/web/src/views/MemberSubscription.vue#L32

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.