CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8053 – Improper Authentication in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-8053
20 Mar 2025 — In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading to server resource exhaustion and denial of service (DoS). Additionally, unauthorized users can misuse the endpoint to generate PDFs without verification, resulting in service misuse and potential operational and... • https://huntr.com/bounties/ebe8c1fa-113b-4df9-be03-a406b9adb9f4 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7049 – Exposure of Token in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7049
10 Oct 2024 — In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process. En la versión v0.3.8 de open-webui/open-webui, existe una vulnerabilidad en la que se devuelve un token cuando un usuario con un rol pendiente inicia sesión. Esto permite al usuario realizar acciones sin la confirmación del administrador, omitiendo el proceso de aproba... • https://huntr.com/bounties/ee9e3532-8ef1-4599-bb59-b8e2ba43a1fc • CWE-488: Exposure of Data Element to Wrong Session •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7038 – Information Disclosure in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7038
09 Oct 2024 — An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence and configuration of the file. This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information. • https://huntr.com/bounties/f42cf72a-8015-44a6-81a9-c6332ef05afc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •