Unauthorized access vulnerability in the OpenObserve users API
Platform
go
Component
openobserve
Fixed in
0.8.1
A critical vulnerability (CVE-2024-25106) has been discovered in OpenObserve, an observability platform designed for petabyte-scale log, metric, and trace analysis. This vulnerability resides in the /api/{orgid}/users/{emailid} endpoint and allows authenticated users within an organization to remove any other user, regardless of their role, including administrators. The vulnerability impacts OpenObserve versions 0.7.9 and earlier, and a fix is available in version 0.8.0.
Impact and attack scenarios
The impact of CVE-2024-25106 is severe due to its potential for complete organizational control compromise. An attacker, possessing even a low-privilege account within an OpenObserve organization, can leverage this vulnerability to remove all other users, including those with administrative privileges. This effectively grants the attacker full control over the OpenObserve instance, enabling them to access sensitive data, modify configurations, and potentially pivot to other systems within the organization. The ability to remove root users bypasses all standard access controls, making this a high-impact privilege escalation vulnerability. This is akin to a complete takeover of the observability platform, potentially exposing critical operational data and hindering incident response capabilities.
Exploitation context
CVE-2024-25106 was publicly disclosed on February 8, 2024. The vulnerability is not currently listed on the CISA KEV catalog, but its critical severity warrants close monitoring. Public proof-of-concept exploits are not yet widely available, but the ease of exploitation, given the requirement of only an authenticated user account, suggests a high probability of exploitation if left unpatched. The vulnerability's impact on observability data makes it a particularly attractive target for malicious actors seeking to disrupt operations or exfiltrate sensitive information.
Who is at risk
Organizations utilizing OpenObserve for observability and monitoring are at risk, particularly those with multiple users and a reliance on the platform for critical operational insights. Environments with shared hosting configurations or those that have not implemented robust access control policies are especially vulnerable, as a compromised low-privilege account could be leveraged to gain complete control.
Detection steps
• linux / server:
journalctl -u openobserve -g "user removal"
• generic web:
curl -s -X DELETE "http://openobserve/api/{org_id}/users/{email_id}" | grep -i "success"
• generic web:
grep -i "user removal" /var/log/nginx/access.log
Attack timeline
- Disclosure
Threat intelligence
Exploit status
EPSS
0.08% (25th percentile)
CISA SSVC
CVSS vector
- Attack Vector
- Network — exploitable remotely over the internet. No physical or local access required.
- Attack Complexity
- Low — no special conditions. Reliably exploitable.
- Privileges Required
- Low — any valid user account is sufficient.
- User Interaction
- None — automated and silent attack. The victim does nothing.
- Scope
- Changed — the attack can spread beyond the vulnerable component to other systems.
- Confidentiality
- High — complete loss of confidentiality. The attacker can read all data.
- Integrity
- Low — the attacker can modify some data within a limited scope.
- Availability
- Low — partial or intermittent denial of service.
Affected software
Weakness classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigations and workarounds
The primary mitigation for CVE-2024-25106 is to immediately upgrade OpenObserve to version 0.8.0 or later, which contains the fix. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restricting access to the /api/{orgid}/users/{emailid} endpoint using network firewalls or access control lists (ACLs) can limit the attack surface. Carefully review user permissions and ensure the principle of least privilege is enforced. Monitor OpenObserve logs for suspicious user activity, particularly attempts to modify user accounts. While a direct WAF rule is difficult to implement without deep inspection of the request payload, monitoring for unusual user deletion patterns could provide an early warning signal.
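The detection steps above grep for "user removal" strings, and the mitigation section recommends watching for unusual user-deletion patterns. The following is an added example (not OpenObserve project code and not from the original advisory) of what that monitoring can look like in practice: it parses nginx access logs for successful DELETE calls to the /api/{org_id}/users/{email_id} endpoint named in this advisory and raises two kinds of alerts, a burst of deletions from one source address and any deletion of a known administrator account. It assumes a hypothetical deployment where nginx fronts OpenObserve using the default "combined" log format; the log lines and the admin list are constructed sample data.

```python
"""Flag user-deletion activity against the OpenObserve users API in nginx
access logs. Added example for this advisory; not OpenObserve project code."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in nginx "combined" format (not real traffic).
# 10.0.0.5 removes three accounts within seconds; 10.0.0.9 removes one.
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - - [08/Feb/2024:10:00:01 +0000] "GET /api/acme/users HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [08/Feb/2024:10:00:02 +0000] "DELETE /api/acme/users/admin@example.com HTTP/1.1" 200 45 "-" "curl/8.4.0"
10.0.0.5 - - [08/Feb/2024:10:00:03 +0000] "DELETE /api/acme/users/ops@example.com HTTP/1.1" 200 45 "-" "curl/8.4.0"
10.0.0.5 - - [08/Feb/2024:10:00:04 +0000] "DELETE /api/acme/users/sre@example.com HTTP/1.1" 200 45 "-" "curl/8.4.0"
10.0.0.9 - - [08/Feb/2024:10:05:00 +0000] "DELETE /api/acme/users/old.contractor@example.com HTTP/1.1" 200 45 "-" "Mozilla/5.0"
10.0.0.9 - - [08/Feb/2024:10:06:00 +0000] "GET /api/acme/streams HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Fields of the "combined" format we need: remote address, timestamp,
# request line (method + path), and the response status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# The endpoint named in the advisory: /api/{org_id}/users/{email_id}
USER_PATH_RE = re.compile(r'^/api/(?P<org>[^/]+)/users/(?P<email>[^/?]+)/?$')


def parse_user_deletions(log_text):
    """Return successful DELETE calls to the users endpoint as dicts."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("method") != "DELETE":
            continue
        p = USER_PATH_RE.match(m.group("path"))
        if not p:
            continue
        if not m.group("status").startswith("2"):
            continue  # rejected or failed attempts did not remove anyone
        events.append({
            "ip": m.group("ip"),
            "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
            "org": p.group("org"),
            "email": p.group("email"),
        })
    return events


def find_deletion_bursts(events, window_seconds=60, threshold=2):
    """Alert on any source IP that deletes more than `threshold` users
    inside a sliding window of `window_seconds` (one alert per source)."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    window = timedelta(seconds=window_seconds)
    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count > threshold:
                alerts.append({"ip": ip, "count": count,
                               "emails": [e["email"] for e in evs[start:end + 1]]})
                break
    return alerts


def find_admin_deletions(events, admin_emails):
    """Any successful deletion of a known admin account is worth an alert
    on its own, regardless of rate."""
    admins = {a.lower() for a in admin_emails}
    return [e for e in events if e["email"].lower() in admins]


if __name__ == "__main__":
    deletions = parse_user_deletions(SAMPLE_ACCESS_LOG)
    # Hypothetical list of privileged accounts for this organization.
    for a in find_deletion_bursts(deletions):
        print(f"burst: {a['ip']} removed {a['count']} users: {a['emails']}")
    for e in find_admin_deletions(deletions, ["admin@example.com"]):
        print(f"admin removed: {e['email']} in org {e['org']} from {e['ip']}")
```

Point the script at a real access log by replacing SAMPLE_ACCESS_LOG with the file contents, and tune the window and threshold to the normal rate of user administration in your environment; legitimate off-boarding rarely removes several accounts per minute from a single client, so the burst rule stays quiet under normal use and fires on the pattern this advisory describes.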
How to fix
Update OpenObserve to version 0.8.0 or later. This version fixes the authorization vulnerability that allowed unauthorized users to remove other users from the organization. The update prevents the unauthorized access and the potential operational disruption it enables.
Frequently asked questions
What is CVE-2024-25106 — Critical User Removal in OpenObserve?
CVE-2024-25106 is a critical vulnerability in OpenObserve versions ≤0.7.9 that allows authenticated users to remove any other user, including administrators, potentially granting unauthorized access and control.
Am I affected by CVE-2024-25106 in OpenObserve?
If you are running OpenObserve version 0.7.9 or earlier, you are affected by this vulnerability and should prioritize upgrading to a patched version.
How do I fix CVE-2024-25106 in OpenObserve?
The recommended fix is to upgrade to OpenObserve version 0.8.0 or later. Temporary workarounds include restricting access to the vulnerable endpoint and reviewing user permissions.
Is CVE-2024-25106 being actively exploited?
While no active exploitation has been publicly confirmed, the vulnerability's ease of exploitation and critical severity suggest a high probability of exploitation if left unpatched.
Where can I find the official OpenObserve advisory for CVE-2024-25106?
Refer to the OpenObserve security advisory for detailed information and updates: [https://github.com/openobserve/openobserve/security/advisories/GHSA-9g7x-x453-4444](https://github.com/openobserve/openobserve/security/advisories/GHSA-9g7x-x453-4444)