Platform: go
Component: openobserve
Fixed in: 0.8.1
A critical privilege escalation vulnerability (CVE-2024-24830) has been identified in OpenObserve, an observability platform designed for petabyte-scale log, metric, and trace analysis. This flaw allows authenticated regular users ('member' roles) to elevate their privileges and add new users with 'root' access to an organization, effectively circumventing intended security controls. The vulnerability affects versions of OpenObserve up to 0.7.9, and a fix is available in version 0.8.0.
The impact of CVE-2024-24830 is severe. An attacker, posing as a regular 'member' user, can exploit this vulnerability to gain complete administrative control over an OpenObserve organization. This includes the ability to create new users with root privileges, granting them unrestricted access to sensitive data, configuration settings, and the ability to modify or delete data. This could lead to data breaches, service disruption, and complete compromise of the observability platform. The ease of exploitation, requiring only authentication as a regular user, significantly expands the potential attack surface. This vulnerability shares similarities with other privilege escalation flaws where inadequate input validation allows unauthorized role assignments.
CVE-2024-24830 was publicly disclosed on February 8, 2024. Its CVSS score of 10 (CRITICAL) reflects the high likelihood of exploitation and significant impact. No specific KEV listing or EPSS score is currently available. While no public proof-of-concept (PoC) has been widely released, the ease of exploitation suggests a high probability of exploitation attempts. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Organizations utilizing OpenObserve for observability, particularly those with multiple users and a tiered access control system, are at risk. Shared hosting environments where multiple tenants share the same OpenObserve instance are especially vulnerable, as a compromised 'member' account in one tenant could potentially be used to escalate privileges across the entire platform. Legacy configurations with default or weak user permissions also increase the risk.
• linux / server:
journalctl -u openobserve -g 'user creation' | grep -i 'root'
• generic web:
curl -I 'https://<openobserve_url>/api/{org_id}/users' | grep -i 'role: root'
• linux / server:
ps aux | grep -i 'openobserve' | grep -i '/api/{org_id}/users'
disclosure
Exploit status
EPSS
0.12% (31st percentile)
CVSS vector
The primary mitigation for CVE-2024-24830 is to immediately upgrade OpenObserve to version 0.8.0 or later, which contains the fix. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to the /api/{org_id}/users endpoint to only authorized administrators. Implement strict role-based access controls (RBAC) to limit the privileges of regular users. Monitor audit logs for suspicious user creation activity, particularly those involving the 'root' role. Consider using a Web Application Firewall (WAF) to filter requests to the vulnerable endpoint and block attempts to manipulate user roles. After upgrading, confirm the fix by attempting to create a new user with elevated privileges as a regular user – the request should be rejected.
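The check that the flaw omits is the comparison between the caller's own role and the role being granted. The following is an added illustration in Go, not OpenObserve's own code: a request-handling helper for a `POST /api/{org_id}/users` body, first without the check (the behaviour the advisory describes) and then with it. The JSON field names and the numeric ranking of 'member' below 'root' are assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Roles named in the advisory, ranked so that root outranks member (assumption).
var roleRank = map[string]int{"member": 1, "root": 2}
var ErrUnknownRole = errors.New("unknown role")
var ErrForbidden = errors.New("caller may not grant a role above their own")

// createUserRequest: illustrative JSON body for POST /api/{org_id}/users (constructed).
type createUserRequest struct {
	Role string `json:"role"`
}

// roleUnchecked mirrors the flaw: authentication is the only gate, so the
// caller's role is never compared with the role being granted.
func roleUnchecked(callerRole string, body []byte) (string, error) {
	var req createUserRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return "", err
	}
	if _, ok := roleRank[req.Role]; !ok {
		return "", ErrUnknownRole
	}
	return req.Role, nil // a 'member' caller is granted 'root' here
}

// roleChecked adds the missing authorisation step: the granted role must not
// outrank the caller's own role.
func roleChecked(callerRole string, body []byte) (string, error) {
	role, err := roleUnchecked(callerRole, body)
	if err != nil {
		return "", err
	}
	if callerRank, ok := roleRank[callerRole]; !ok || roleRank[role] > callerRank {
		return "", ErrForbidden
	}
	return role, nil
}

func main() {
	body := []byte(`{"role":"root"}`) // constructed request body
	_, err := roleChecked("member", body)
	fmt.Println("member granting root:", err)
}
```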
Update OpenObserve to version 0.8.0 or higher. This version fixes the privilege escalation vulnerability in the user API, preventing regular users from creating accounts with elevated privileges.
CVE-2024-24830 is a critical vulnerability in OpenObserve versions up to 0.7.9 that allows authenticated 'member' users to create new users with 'root' privileges, bypassing security controls.
If you are running OpenObserve version 0.7.9 or earlier, you are affected by this vulnerability and should upgrade immediately.
Upgrade OpenObserve to version 0.8.0 or later to resolve this vulnerability. Implement temporary workarounds like restricting access to the vulnerable endpoint if immediate upgrade is not possible.
While no widespread exploitation has been confirmed, the ease of exploitation suggests a high probability of exploitation attempts. Continuous monitoring is recommended.
Refer to the OpenObserve security advisory for detailed information and updates: [https://github.com/openobserve/openobserve/security/advisories/GHSA-9999](https://github.com/openobserve/openobserve/security/advisories/GHSA-9999)