CVE-2024-25106

{"id": "CVE-2024-25106", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.3, "exploitabilityScore": 3.1}]}, "published": "2024-02-08T23:15:10.360", "references": [{"url": "https://github.com/openobserve/openobserve/security/advisories/GHSA-3m5f-9m66-xgp7", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-269"}, {"lang": "en", "value": "CWE-272"}, {"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-285"}, {"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the \"/api/{org_id}/users/{email_id}\" endpoint. This vulnerability allows any authenticated user within an organization to remove any other user from that same organization, irrespective of their respective roles. This includes the ability to remove users with \"Admin\" and \"Root\" roles. By enabling any organizational member to unilaterally alter the user base, it opens the door to unauthorized access and can cause considerable disruptions in operations. The core of the vulnerability lies in the `remove_user_from_org` function in the user management system. This function is designed to allow organizational users to remove members from their organization. The function does not check if the user initiating the request has the appropriate administrative privileges to remove a user. Any user who is part of the organization, irrespective of their role, can remove any other user, including those with higher privileges. This vulnerability is categorized as an Authorization issue leading to Unauthorized User Removal. The impact is severe, as it compromises the integrity of user management within organizations. By exploiting this vulnerability, any user within an organization, without the need for administrative privileges, can remove critical users, including \"Admins\" and \"Root\" users. This could result in unauthorized system access, administrative lockout, or operational disruptions. Given that user accounts are typically created by \"Admins\" or \"Root\" users, this vulnerability can be exploited by any user who has been granted access to an organization, thereby posing a critical risk to the security and operational stability of the application. This issue has been addressed in release version 0.8.0. Users are advised to upgrade."}, {"lang": "es", "value": "OpenObserve es una plataforma de observabilidad creada espec\u00edficamente para registros, m\u00e9tricas, seguimientos y an\u00e1lisis, manipulada para funcionar a escala de petabytes. Se ha identificado una vulnerabilidad cr\u00edtica en el endpoint \"/api/{org_id}/users/{email_id}\". Esta vulnerabilidad permite que cualquier usuario autenticado dentro de una organizaci\u00f3n elimine a cualquier otro usuario de esa misma organizaci\u00f3n, independientemente de sus respectivas funciones. Esto incluye la capacidad de eliminar usuarios con roles de \"Administrador\" y \"Root\". Al permitir que cualquier miembro de la organizaci\u00f3n altere unilateralmente la base de usuarios, se abre la puerta al acceso no autorizado y puede causar interrupciones considerables en las operaciones. El n\u00facleo de la vulnerabilidad radica en la funci\u00f3n `remove_user_from_org` en el sistema de gesti\u00f3n de usuarios. Esta funci\u00f3n est\u00e1 manipulada para permitir a los usuarios de la organizaci\u00f3n eliminar miembros de su organizaci\u00f3n. La funci\u00f3n no comprueba si el usuario que inicia la solicitud tiene los privilegios administrativos adecuados para eliminar un usuario. Cualquier usuario que forme parte de la organizaci\u00f3n, independientemente de su rol, puede eliminar a cualquier otro usuario, incluidos aquellos con mayores privilegios. Esta vulnerabilidad se clasifica como un problema de autorizaci\u00f3n que conduce a la eliminaci\u00f3n de usuarios no autorizados. El impacto es grave, ya que compromete la integridad de la gesti\u00f3n de usuarios dentro de las organizaciones. Al explotar esta vulnerabilidad, cualquier usuario dentro de una organizaci\u00f3n, sin necesidad de privilegios administrativos, puede eliminar usuarios cr\u00edticos, incluidos los usuarios \"Admins\" y \"Root\". Esto podr\u00eda provocar un acceso no autorizado al sistema, un bloqueo administrativo o interrupciones operativas. Dado que las cuentas de usuario suelen ser creadas por \"Admins\" o usuarios \"Root\", esta vulnerabilidad puede ser explotada por cualquier usuario al que se le haya otorgado acceso a una organizaci\u00f3n, lo que representa un riesgo cr\u00edtico para la seguridad y la estabilidad operativa de la aplicaci\u00f3n. Este problema se solucion\u00f3 en la versi\u00f3n 0.8.0. Se recomienda a los usuarios que actualicen."}], "lastModified": "2024-02-15T18:53:44.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openobserve:openobserve:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D7A734A-45D6-47B6-942F-227F74B65B0D", "versionEndExcluding": "0.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}