Vulnerability Information
Vulnerability Title
OpenObserve's Invite Token Lifecycle Misconfiguration
Vulnerability Description
OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same email with different roles where all issued links remain valid simultaneously. This results in broken access control where a removed or demoted user can regain access or escalate privileges. This issue has been patched in version 0.16.0.
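The three lifecycle gaps described above (no expiry, no revocation on member removal, several live links per email) map to three checks in an invite store. The sketch below is an added example, not OpenObserve's code or its 0.16.0 patch; `InviteStore`, `remove_member`, the in-memory dictionary and the 7-day TTL are assumptions made for illustration.

```python
import hashlib
import secrets
import time

INVITE_TTL_SECONDS = 7 * 24 * 3600  # assumed policy value, not from the advisory

class InviteStore:
    """Hypothetical in-memory invite table; only token digests are stored."""
    def __init__(self, ttl=INVITE_TTL_SECONDS, clock=time.time):
        self.ttl, self.clock = ttl, clock
        self._invites = {}  # sha256(token) -> {"key", "role", "expires", "state"}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def revoke(self, org, email):
        """Invalidate every pending invite for (org, email); returns the count."""
        key, count = (org, email.lower()), 0
        for rec in self._invites.values():
            if rec["key"] == key and rec["state"] == "pending":
                rec["state"], count = "revoked", count + 1
        return count

    def issue(self, org, email, role):
        self.revoke(org, email)  # a new invite supersedes older links and roles
        token = secrets.token_urlsafe(32)
        self._invites[self._digest(token)] = {
            "key": (org, email.lower()), "role": role,
            "expires": self.clock() + self.ttl, "state": "pending"}
        return token

    def redeem(self, token):
        """Return (role, "ok") once per token, else (None, reason)."""
        rec = self._invites.get(self._digest(token))
        if rec is None:
            return None, "unknown"
        if rec["state"] != "pending":
            return None, rec["state"]
        if self.clock() >= rec["expires"]:
            rec["state"] = "expired"
            return None, "expired"
        rec["state"] = "used"  # single use: a replayed link is rejected
        return rec["role"], "ok"

def remove_member(store, members, org, email):
    """Removing a member also revokes any invite still pending for them."""
    members.pop((org, email.lower()), None)
    return store.revoke(org, email)
```

The `clock` parameter exists so the expiry path can be exercised in tests without waiting for the TTL to elapse.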
CVSS Information
N/A
Vulnerability Type
Insufficient Session Expiration
Vulnerability Title
OpenObserve Code Issue Vulnerability
Vulnerability Description
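OpenObserve is a cloud-native observability platform open-sourced by OpenObserve. Versions of OpenObserve prior to 0.16.0 contain a code issue vulnerability that stems from improper management of organization invitation tokens and may lead to access control failure.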
CVSS Information
N/A
Vulnerability Type
N/A