PT-2024-3903 · Unknown · Openobserve
Gaby +1
Published 2024-02-08 · Updated 2024-02-15
CVE-2024-25106
CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions: OpenObserve versions prior to 0.8.0
Description: A critical issue has been identified in the "/api/{org_id}/users/{email_id}" endpoint: any authenticated user within an organization can remove any other user from it, including users holding the "Admin" and "Root" roles, because the endpoint lacks proper access control. The root cause is that the remove_user_from_org function does not verify that the caller holds the administrative privileges required for the operation. The impact is severe: it compromises the integrity of user management and can lead to unauthorized system access, lockout of administrators, or operational disruption.
Recommendations: For OpenObserve versions prior to 0.8.0, upgrade to release 0.8.0, which addresses the issue. As a temporary workaround, restrict access to the "/api/{org_id}/users/{email_id}" endpoint or disable the remove_user_from_org function until the upgrade can be applied.
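The defect class described above, missing authorization on a user-removal handler, as an added illustration that is not OpenObserve's code: the data model, role names, handler signatures and the in-memory audit log below are assumptions made for this example. It contrasts a handler that only checks that the caller is an authenticated organization member (the advisory's failure mode) with one that also requires an administrative role in that organization before removing anyone, and records denied attempts so that probing of the endpoint is visible to defenders.

```python
"""Hypothetical model of the missing-authorization pattern in CVE-2024-25106.

Not OpenObserve's code: Role, Organization, the handler signatures and the
audit log are assumptions made for this example.
"""
from dataclasses import dataclass, field
from enum import Enum


class Role(Enum):
    MEMBER = "member"
    ADMIN = "admin"
    ROOT = "root"


# Roles permitted to remove another user from an organization (assumption).
ADMIN_ROLES = {Role.ADMIN, Role.ROOT}

# In-memory stand-in for a real audit sink (assumption).
audit_log: list = []


class Forbidden(Exception):
    """Raised when the caller lacks the privilege required for the action."""


@dataclass
class Organization:
    org_id: str
    # email -> role of that user inside this organization
    members: dict = field(default_factory=dict)


def remove_user_vulnerable(org: Organization, caller_email: str, target_email: str) -> bool:
    """'Before' behaviour: any authenticated org member can remove anyone.

    The only check is that the caller belongs to the organization; the
    caller's role is never consulted, so a plain member can delete Admin
    and Root users, which is the lack of access control the advisory describes.
    """
    if caller_email not in org.members:
        raise Forbidden("caller is not a member of this organization")
    if target_email not in org.members:
        return False
    del org.members[target_email]
    return True


def remove_user_fixed(org: Organization, caller_email: str, target_email: str) -> bool:
    """Hardened handler: deny by default unless the caller holds an admin role.

    The decision is made against the caller's role inside this organization,
    not merely against the fact that the request carried a valid session.
    """
    caller_role = org.members.get(caller_email)
    if caller_role is None:
        raise Forbidden("caller is not a member of this organization")
    if caller_role not in ADMIN_ROLES:
        # Record the denied attempt: repeated denials from one account are a
        # useful detection signal for attempts to abuse this endpoint.
        audit_log.append(
            f"DENY remove_user org={org.org_id} by={caller_email} "
            f"target={target_email} role={caller_role.value}"
        )
        raise Forbidden("administrative role required to remove users")
    if target_email not in org.members:
        return False
    del org.members[target_email]
    audit_log.append(f"ALLOW remove_user org={org.org_id} by={caller_email} target={target_email}")
    return True


def demo_org() -> Organization:
    """Constructed sample organization with one user per role."""
    return Organization("default", {
        "root@example.test": Role.ROOT,
        "admin@example.test": Role.ADMIN,
        "member@example.test": Role.MEMBER,
    })


def attempt(handler, org: Organization, caller_email: str, target_email: str) -> str:
    """Run `handler` and summarise the outcome as 'removed', 'not-found' or 'forbidden'."""
    try:
        return "removed" if handler(org, caller_email, target_email) else "not-found"
    except Forbidden:
        return "forbidden"


if __name__ == "__main__":
    print("vulnerable handler, member removes root:",
          attempt(remove_user_vulnerable, demo_org(), "member@example.test", "root@example.test"))
    print("fixed handler, member removes root:     ",
          attempt(remove_user_fixed, demo_org(), "member@example.test", "root@example.test"))
    print("fixed handler, admin removes member:    ",
          attempt(remove_user_fixed, demo_org(), "admin@example.test", "member@example.test"))
    for line in audit_log:
        print(line)
```

The important design point is that the hardened handler answers "is this caller allowed to perform this action in this organization?" rather than "is this caller logged in?", and that the answer defaults to deny. The audit line written on denial is what a detection rule would key on, since a burst of DENY entries for one account against the user-removal endpoint is exactly the behaviour the advisory warns about.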

Exploit

Fix

Improper Privilege Management

Improper Authorization

Improper Access Control

Improper Authentication


Related Identifiers

BDU:2024-04312
CVE-2024-25106
GHSA-3M5F-9M66-XGP7

Affected Products

Openobserve