0.8.1
A critical privilege escalation vulnerability (CVE-2024-24830) has been identified in OpenObserve, an observability platform designed for petabyte-scale log, metric, and trace analysis. This flaw allows authenticated regular users ('member' roles) to elevate their privileges and add new users with 'root' access to an organization, effectively circumventing intended security controls. The vulnerability affects versions of OpenObserve up to 0.7.9, and a fix is available in version 0.8.0.
The impact of CVE-2024-24830 is severe. An attacker, posing as a regular 'member' user, can exploit this vulnerability to gain complete administrative control over an OpenObserve organization. This includes the ability to create new users with root privileges, granting them unrestricted access to sensitive data, configuration settings, and the ability to modify or delete data. This could lead to data breaches, service disruption, and complete compromise of the observability platform. The ease of exploitation, requiring only authentication as a regular user, significantly expands the potential attack surface. This vulnerability shares similarities with other privilege escalation flaws where inadequate input validation allows unauthorized role assignments.
CVE-2024-24830 was publicly disclosed on February 8, 2024. Its CVSS score of 10 (CRITICAL) reflects the high likelihood of exploitation and significant impact. No specific KEV listing or EPSS score is currently available. While no public proof-of-concept (PoC) has been widely released, the ease of exploitation suggests a high probability of exploitation attempts. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Organizations utilizing OpenObserve for observability, particularly those with multiple users and a tiered access control system, are at risk. Shared hosting environments where multiple tenants share the same OpenObserve instance are especially vulnerable, as a compromised 'member' account in one tenant could potentially be used to escalate privileges across the entire platform. Legacy configurations with default or weak user permissions also increase the risk.
• linux / server:
journalctl -u openobserve -g 'user creation' | grep -i 'root'
• generic web (the original used `curl -I`, which sends a HEAD request and returns headers only, so the role filter could never match; a GET is needed to inspect the user list):
curl -s 'https://<openobserve_url>/api/{org_id}/users' | grep -i 'role: root'
• linux / server:
ps aux | grep -i 'openobserve' | grep -i '/api/{org_id}/users'
disclosure
Exploitation status
EPSS
0.12% (31st percentile)
CVSS vector
The primary mitigation for CVE-2024-24830 is to immediately upgrade OpenObserve to version 0.8.0 or later, which contains the fix. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to the /api/{org_id}/users endpoint to only authorized administrators. Implement strict role-based access controls (RBAC) to limit the privileges of regular users. Monitor audit logs for suspicious user creation activity, particularly those involving the 'root' role. Consider using a Web Application Firewall (WAF) to filter requests to the vulnerable endpoint and block attempts to manipulate user roles. After upgrading, confirm the fix by attempting to create a new user with elevated privileges as a regular user – the request should be rejected.
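The two defensive measures above, a server-side rule that refuses role assignments beyond the caller's own privilege and an audit-log scan for user creations that such a rule would have refused, are shown together below. This is an added example, not OpenObserve's code: the role ordering (member < admin < root), the JSON-lines audit format and the sample events are all constructed for illustration.

```python
import json
from typing import Iterable

# Role ordering assumed for this example (higher = more privilege). OpenObserve's
# actual role model beyond 'member' and 'root' is not described on the page.
ROLE_RANK = {"member": 1, "admin": 2, "root": 3}


def can_assign_role(actor_role: str, requested_role: str) -> bool:
    """Server-side authorization rule for a user-creation request.

    A caller may create users only if they hold at least 'admin', and may
    never grant a role that outranks their own. Unknown role names are
    rejected rather than defaulted, so a crafted value cannot slip through.
    """
    actor = ROLE_RANK.get(actor_role)
    requested = ROLE_RANK.get(requested_role)
    if actor is None or requested is None:
        return False
    if actor < ROLE_RANK["admin"]:
        return False  # 'member' users cannot create accounts at all
    return requested <= actor


# Constructed audit-log sample (a hypothetical JSON-lines format, not
# OpenObserve's real log schema). One line is deliberately malformed.
SAMPLE_AUDIT_LOG = """\
{"ts":"2024-02-09T10:00:01Z","action":"user.create","org":"acme","actor":"alice","actor_role":"root","target":"bob","target_role":"member"}
{"ts":"2024-02-09T10:05:12Z","action":"user.create","org":"acme","actor":"bob","actor_role":"member","target":"mallory","target_role":"root"}
{"ts":"2024-02-09T10:06:00Z","action":"user.login","org":"acme","actor":"bob","actor_role":"member"}
{"ts":"2024-02-09T10:07:30Z","action":"user.create","org":"acme","actor":"carol","actor_role":"admin","target":"dave","target_role":"root"}
this line is not JSON and must not crash the scanner
"""


def find_suspicious_user_creations(lines: Iterable[str]) -> list[dict]:
    """Flag user-creation events that the authorization rule above would
    have refused: a lower-privileged actor granting a higher role."""
    findings = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip unparsable lines instead of aborting the scan
        if event.get("action") != "user.create":
            continue
        actor_role = event.get("actor_role", "")
        target_role = event.get("target_role", "")
        if not can_assign_role(actor_role, target_role):
            findings.append({
                "ts": event.get("ts"),
                "org": event.get("org"),
                "actor": event.get("actor"),
                "actor_role": actor_role,
                "target": event.get("target"),
                "target_role": target_role,
            })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_user_creations(SAMPLE_AUDIT_LOG.splitlines()):
        print(f"ALERT {f['ts']} org={f['org']}: {f['actor']} ({f['actor_role']}) "
              f"created {f['target']} with role {f['target_role']}")
```

Run against the sample, the scanner reports two events: the 'member' account creating a 'root' user (the pattern this CVE describes) and an 'admin' granting 'root', which the same rule also refuses. Point the scanner at your real audit export once you have mapped its field names onto the ones used here.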
Upgrade OpenObserve to version 0.8.0 or later. This version fixes the privilege escalation vulnerability in the user API and prevents regular users from creating accounts with elevated privileges.
CVE-2024-24830 is a critical vulnerability in OpenObserve versions up to 0.7.9 that allows authenticated 'member' users to create new users with 'root' privileges, bypassing security controls.
If you are running OpenObserve version 0.7.9 or earlier, you are affected by this vulnerability and should upgrade immediately.
Upgrade OpenObserve to version 0.8.0 or later to resolve this vulnerability. Implement temporary workarounds like restricting access to the vulnerable endpoint if immediate upgrade is not possible.
While no widespread exploitation has been confirmed, the ease of exploitation suggests a high probability of exploitation attempts. Continuous monitoring is recommended.
Refer to the OpenObserve security advisory for detailed information and updates: [https://github.com/openobserve/openobserve/security/advisories/GHSA-9999](https://github.com/openobserve/openobserve/security/advisories/GHSA-9999)