Vulnerability Description
OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of `openobserve/web/src/views/MemberSubscription.vue`. Version 0.10.0 sanitizes incoming HTML.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openobserve | Openobserve | >= 0.4.4, < 0.10.0 |
Related Weaknesses (CWE)
References
- https://github.com/openobserve/openobserve/blob/v0.5.2/web/src/views/MemberSubsc (Product)
- https://github.com/openobserve/openobserve/commit/2334377ebc8b74beb06ab3e5712dbd (Patch)
- https://github.com/openobserve/openobserve/commit/64587261968217dfb8af4c4f6054d5 (Patch)
- https://github.com/openobserve/openobserve/security/advisories/GHSA-rw8w-37p9-mr (Third Party Advisory)
FAQ
What is CVE-2024-41809?
CVE-2024-41809 is a vulnerability with a CVSS score of 7.2 (HIGH). OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of `openobserve/web/sr...
How severe is CVE-2024-41809?
CVE-2024-41809 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-41809?
Check the references section above for vendor advisories and patch information. Affected products include: Openobserve Openobserve.