FKIE_CVE-2024-41808

Vulnerability from fkie_nvd - Published: 2024-07-25 20:15 - Updated: 2024-11-21 09:33
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. It has been noted that the front-end uses `DOMPurify` or Vue templating to escape cross-site scripting (XSS) extensively, however certain areas of the front end lack this XSS protection. When combining the missing protection with the insecure authentication handling that the front-end uses, a malicious user may be able to take over any victim's account provided they meet the exploitation steps. As of time of publication, no patched version is available.
References
security-advisories@github.comhttps://github.com/openobserve/openobserve/security/advisories/GHSA-hx23-g7m8-h76jExploit, Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/openobserve/openobserve/security/advisories/GHSA-hx23-g7m8-h76jExploit, Mitigation, Vendor Advisory
Impacted products
Vendor Product Version
openobserve openobserve *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openobserve:openobserve:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B19834C1-B457-44B3-90C0-141BF51DAEF8",
              "versionEndIncluding": "0.9.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. It has been noted that the front-end uses `DOMPurify` or Vue templating to escape cross-site scripting (XSS) extensively, however certain areas of the front end lack this XSS protection. When combining the missing protection with the insecure authentication handling that the front-end uses, a malicious user may be able to take over any victim\u0027s account provided they meet the exploitation steps. As of time of publication, no patched version is available."
    },
    {
      "lang": "es",
      "value": "La plataforma de observabilidad de c\u00f3digo abierto OpenObserve brinda la capacidad de filtrar registros en un panel por los valores cargados en un registro determinado. Sin embargo, todas las versiones de la plataforma hasta la 0.9.1 no sanitizan la entrada del usuario en el men\u00fa de selecci\u00f3n de filtros, lo que puede resultar en una apropiaci\u00f3n total de la cuenta. Se ha observado que el front-end utiliza `DOMPurify` o plantillas Vue para escapar ampliamente del cross-site scripting (XSS), sin embargo, ciertas \u00e1reas del front-end carecen de esta protecci\u00f3n XSS. Al combinar la protecci\u00f3n faltante con el manejo de autenticaci\u00f3n inseguro que utiliza el front-end, un usuario malintencionado puede hacerse cargo de la cuenta de cualquier v\u00edctima siempre que cumpla con los pasos de explotaci\u00f3n. Al momento de la publicaci\u00f3n, no hay ninguna versi\u00f3n parcheada disponible."
    }
  ],
  "id": "CVE-2024-41808",
  "lastModified": "2024-11-21T09:33:06.860",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-07-25T20:15:05.153",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/openobserve/openobserve/security/advisories/GHSA-hx23-g7m8-h76j"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/openobserve/openobserve/security/advisories/GHSA-hx23-g7m8-h76j"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.