CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7049 – Exposure of Token in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7049
10 Oct 2024 — In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process. En la versión v0.3.8 de open-webui/open-webui, existe una vulnerabilidad en la que se devuelve un token cuando un usuario con un rol pendiente inicia sesión. Esto permite al usuario realizar acciones sin la confirmación del administrador, omitiendo el proceso de aproba... • https://huntr.com/bounties/ee9e3532-8ef1-4599-bb59-b8e2ba43a1fc • CWE-488: Exposure of Data Element to Wrong Session •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7048 – IDOR in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7048
10 Oct 2024 — In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this vulnerability, an attacker can view metadata of files uploaded by an admin and overwrite these files, compromising the integrity and availability of the RAG models. • https://huntr.com/bounties/acd0b2dd-61eb-4712-82d3-a4e35d6ee560 • CWE-269: Improper Privilege Management •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7041 – IDOR in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7041
09 Oct 2024 — An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`, where the decentralization design is flawed, allowing attackers to edit other users' memories without proper authorization. • https://huntr.com/bounties/6855227f-1237-47b8-8d37-29aad7ddec3a • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7037 – Arbitrary File Write/Delete Leading to RCE in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7037
09 Oct 2024 — In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote code execution. • https://huntr.com/bounties/8508db68-9c99-4b1c-828c-e1bfcacfb847 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6707 – Open WebUI Arbitrary File Upload + Path Traversal
https://notcve.org/view.php?id=CVE-2024-6707
07 Aug 2024 — Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability. Los archivos controlados por un atacante se pueden cargar en ubicaciones arbitrarias en el sistema de archivos del servidor web abusando de una vulnerabilidad de path traversal. Open WebUI version 0.1.105 suffers from arbitrary file upload and path traversal vulnerabilities. • https://packetstorm.news/files/id/179998 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6706 – Open WebUI Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-6706
07 Aug 2024 — Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page. Los atacantes pueden crear un mensaje malicioso que obligue al modelo de lenguaje a ejecutar JavaScript arbitrario en el contexto de la página web. Open WebUI version 0.1.105 suffers from a persistent cross site scripting vulnerability. • https://packetstorm.news/files/id/179997 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30256 – Open WebUI vulnerable to server-side request forgery in utils.py
https://notcve.org/view.php?id=CVE-2024-30256
16 Apr 2024 — Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117. Open WebUI es una WebUI fácil de usar para LLM. Open-webui es vulnerable a blind server-side request forgery. • https://github.com/open-webui/open-webui/security/advisories/GHSA-39wr-r5vm-3jxj • CWE-918: Server-Side Request Forgery (SSRF) •