cvedb.io
CVE-2024-41808
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2024-07-25T20:15:05.153 · Last modified 2026-06-17T07:48:16.353

Summary

The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. It has been noted that the front-end uses `DOMPurify` or Vue templating to escape cross-site scripting (XSS) extensively; however, certain areas of the front end lack this XSS protection. When this missing protection is combined with the insecure authentication handling that the front-end uses, a malicious user may be able to take over any victim's account, provided they meet the exploitation steps. As of the time of publication, no patched version is available.

Affected products

openobserve — openobserve

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.