Critical Vulnerability Patched in OpenObserve Observability Platform

CVE: CVE-2024-24830
CVSS (v3.1): 10
Source: CVE-2024-24830

OpenObserve is a popular observability platform used by many companies to monitor logs, metrics and traces at scale. Unfortunately, a serious vulnerability was recently discovered that allowed regular users to escalate their privileges and gain full administrative access.

The vulnerability resided in the user creation process. When a new user was added, the platform failed to properly validate the roles being assigned. A regular user could manipulate the request to assign themselves the highest “root” level access, even though they were only meant to have regular “member” privileges.

This posed a major risk as it completely broke the intended security controls around role-based access. A malicious actor could add themselves as an admin and then access any organization’s data or make changes without permission. They would have full control over the observability platform.

Luckily, OpenObserve was quick to address the issue and released version 0.8.0, which patches the vulnerability. It is important that all users upgrade immediately to protect their organizations.

In general, it is also good practice for services to validate the privileges requested on user creation or update against the privileges of the caller making the request, so that a user can never grant a role higher than their own. Regular audits of access controls can help catch such issues before they are exploited, and staying on top of software updates is one of the best ways to protect yourself from vulnerabilities like this one.
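To make the validation gap concrete, here is an added Rust illustration. It is not OpenObserve's code: only the role names ("root", "member") come from the advisory, while the request, caller and handler shapes are assumed. The first handler copies the role straight from the client-controlled body, which is the pattern that allows self-escalation; the second bounds the granted role by the caller's own role.

```rust
// Added illustration, not OpenObserve's code. Role names follow the advisory
// ("root", "member"); the request/handler shapes are assumptions.

/// Ordered so that a higher privilege level compares greater.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Role {
    Member,
    Root,
}

#[derive(Debug, PartialEq, Eq)]
pub enum CreateError {
    /// The caller tried to grant a role above their own.
    Forbidden,
}

/// Identity of the caller as resolved from the session or token,
/// never from the request body.
pub struct Caller {
    pub role: Role,
}

/// Request body for creating a user; every field here is client-controlled.
pub struct CreateUserRequest {
    pub email: String,
    pub role: Role,
}

/// The user record that would be persisted.
#[derive(Debug, PartialEq, Eq)]
pub struct User {
    pub email: String,
    pub role: Role,
}

/// Defective pattern: the requested role is trusted as-is, so a Member
/// can submit `role: Root` and be stored with root privileges.
pub fn create_user_unchecked(_caller: &Caller, req: &CreateUserRequest) -> Result<User, CreateError> {
    Ok(User { email: req.email.clone(), role: req.role })
}

/// Hardened pattern: the caller's own role is an upper bound on what may
/// be granted. A Member can only create Members; only Root can create Root.
pub fn create_user_checked(caller: &Caller, req: &CreateUserRequest) -> Result<User, CreateError> {
    if req.role > caller.role {
        return Err(CreateError::Forbidden);
    }
    Ok(User { email: req.email.clone(), role: req.role })
}
```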
