During a recent penetration test Computest found and exploited various issues in Observium, going from unauthenticated user to full shell access as root. We reported these issues to the Observium project for the benefit of our customer and other members of the community. This was not a full audit and further issues may or may not be present. (Note about affected versions: The Observium project does not provide a way to download older releases for non-paying users, so there was no way to check...
