OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of `openobserve/web/src/views/MemberSubscription.vue`. Version 0.10.0 sanitizes incoming html.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Openobserve
  • Openobserve

Configuration 1 [-]

cpe:2.3:a:openobserve:openobserve:*:*:*:*:*:*:*:*

No data.

References
Link Providers
https://github.com/openobserve/openobserve/blob/v0.5.2/web/src/views/MemberSubscription.vue#L32 cve-icon cve-icon cve-icon
https://github.com/openobserve/openobserve/commit/2334377ebc8b74beb06ab3e5712dbdb1be1eff02 cve-icon cve-icon cve-icon
https://github.com/openobserve/openobserve/commit/64587261968217dfb8af4c4f6054d58bbc6d331d cve-icon cve-icon cve-icon
https://github.com/openobserve/openobserve/security/advisories/GHSA-rw8w-37p9-mrrp cve-icon cve-icon cve-icon
History

Tue, 13 Aug 2024 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Openobserve
Openobserve openobserve
CPEs cpe:2.3:a:openobserve:openobserve:*:*:*:*:*:*:*:*
Vendors & Products Openobserve
Openobserve openobserve
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-25T20:22:14.726Z

Updated: 2024-08-12T20:57:41.387Z

Reserved: 2024-07-22T13:57:37.136Z

Link: CVE-2024-41809

cve-icon Vulnrichment

Updated: 2024-08-02T04:46:52.701Z

cve-icon NVD

Status : Analyzed

Published: 2024-07-25T21:15:11.310

Modified: 2024-08-13T13:43:51.613

Link: CVE-2024-41809

cve-icon Redhat

No data.