OpenObserve is an observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the "/api/" endpoint. This vulnerability allows any authenticated user within an organization to remove any other user from that same organization, irrespective of their respective roles. This includes the ability to remove users with "Admin" and "Root" roles. By enabling any organizational member to unilaterally alter the user base, it opens the door to unauthorized access and can cause considerable disruptions in operations.

The core of the vulnerability lies in the `remove_user_from_org` function in the user management system. This function is designed to allow organizational users to remove members from their organization. The function does not check if the user initiating the request has the appropriate administrative privileges to remove a user. Any user who is part of the organization, irrespective of their role, can remove any other user, including those with higher privileges.

This vulnerability is categorized as an Authorization issue leading to Unauthorized User Removal.
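The missing check is easiest to see side by side with the corrected shape. The following is an added illustration in Rust, not OpenObserve's own code: a minimal in-memory model of an organization's membership with two "remove user" paths, one that only verifies the requester belongs to the organization (the flaw the advisory describes) and one that also requires an administrative role and refuses to remove anyone with a higher role. The role names "Admin" and "Root" come from the advisory; the `Member` role, the `Org` store, the `can_remove` policy and all e-mail addresses are assumptions constructed for the example.

```rust
// Added example (not OpenObserve's code): modelling the authorization
// check that an org-scoped "remove user" handler needs.
use std::collections::HashMap;

// Role order matters: a higher discriminant means more privilege.
// "Admin" and "Root" follow the advisory; "Member" is assumed.
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum Role {
    Member = 0,
    Admin = 1,
    Root = 2,
}

#[derive(Debug, PartialEq, Eq)]
pub enum RemoveError {
    NotInOrg,
    Forbidden,
    TargetNotFound,
}

/// Assumed in-memory membership store: e-mail -> role for one organization.
pub struct Org {
    members: HashMap<String, Role>,
}

/// Assumed policy: only Admin or Root may remove users, and never a user
/// whose role is strictly higher than their own (Admin cannot remove Root).
pub fn can_remove(requester: Role, target: Role) -> bool {
    requester >= Role::Admin && requester >= target
}

impl Org {
    pub fn new(members: &[(&str, Role)]) -> Self {
        Org {
            members: members.iter().map(|(e, r)| (e.to_string(), *r)).collect(),
        }
    }

    pub fn has(&self, email: &str) -> bool {
        self.members.contains_key(email)
    }

    /// Vulnerable shape: the only gate is "requester is in the org".
    /// Any member can delete any other member, including Admin and Root.
    pub fn remove_user_unchecked(&mut self, requester: &str, target: &str) -> Result<(), RemoveError> {
        if !self.members.contains_key(requester) {
            return Err(RemoveError::NotInOrg);
        }
        self.members
            .remove(target)
            .map(|_| ())
            .ok_or(RemoveError::TargetNotFound)
    }

    /// Hardened shape: decide authorization before touching state.
    /// The requester's role is checked first so a plain member is refused
    /// without learning whether the target exists.
    pub fn remove_user(&mut self, requester: &str, target: &str) -> Result<(), RemoveError> {
        let requester_role = *self.members.get(requester).ok_or(RemoveError::NotInOrg)?;
        if requester_role < Role::Admin {
            return Err(RemoveError::Forbidden);
        }
        let target_role = *self.members.get(target).ok_or(RemoveError::TargetNotFound)?;
        if !can_remove(requester_role, target_role) {
            return Err(RemoveError::Forbidden);
        }
        self.members.remove(target);
        Ok(())
    }
}

fn main() {
    // Constructed sample organization.
    let seed = [
        ("root@example.com", Role::Root),
        ("admin@example.com", Role::Admin),
        ("bob@example.com", Role::Member),
    ];
    let mut vulnerable = Org::new(&seed);
    println!("unchecked, member removes root: {:?}", vulnerable.remove_user_unchecked("bob@example.com", "root@example.com"));
    let mut hardened = Org::new(&seed);
    println!("hardened, member removes root:  {:?}", hardened.remove_user("bob@example.com", "root@example.com"));
    println!("hardened, admin removes member: {:?}", hardened.remove_user("admin@example.com", "bob@example.com"));
}
```

The point of the hardened path is ordering: the handler resolves the requester's role and evaluates `can_remove` before calling `remove`, so a denied request leaves the membership table untouched. A regression test that seeds an org with a Member, an Admin and a Root user and asserts that the Member's removal attempt returns `Forbidden` is the cheapest way to keep this class of bug from returning.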