References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Known Affected Software Configurations Switch to CPE 2.2

Change History

https://github.com/openobserve/openobserve/security/advisories/GHSA-hx23-g7m8-h76j

NIST AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

NIST CWE-79

OR
     *cpe:2.3:a:openobserve:openobserve:*:*:*:*:*:*:*:* versions up to (including) 0.9.1

https://github.com/openobserve/openobserve/security/advisories/GHSA-hx23-g7m8-h76j No Types Assigned

https://github.com/openobserve/openobserve/security/advisories/GHSA-hx23-g7m8-h76j Exploit, Mitigation, Vendor Advisory

The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. It has been noted that the front-end uses `DOMPurify` or Vue templating to escape cross-site scripting (XSS) extensively, however certain areas of the front end lack this XSS protection. When combining t

GitHub, Inc. AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

GitHub, Inc. CWE-79

GitHub, Inc. https://github.com/openobserve/openobserve/security/advisories/GHSA-hx23-g7m8-h76j [No types assigned]