Lucene search
Bbf0bd87-ece2-41be-b873-96928ee8fab9NVD:CVE-2024-6707HistoryAug 07, 2024 - 11:15 p.m.
CVE-2024-6707
2024-08-0723:15:41
CWE-434
CWE-22
bbf0bd87-ece2-41be-b873-96928ee8fab9
web.nvd.nist.gov
8
attacker controlled files
arbitrary locations
path traversal vulnerability
web server's filesystem
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
31.4%
Attacker controlled files can be uploaded to arbitrary locations on the web server’s filesystem by abusing a path traversal vulnerability.
Affected configurations
Node
openwebuiopen_webuiMatch0.1.105
debiandebian_linuxMatch12.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| openwebui | open_webui | 0.1.105 | cpe:2.3:a:openwebui:open_webui:0.1.105:*:*:*:*:*:*:* |
| debian | debian_linux | 12.0 | cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* |
Related
vulnrichment
vulnrichment
CVE-2024-6707 Open WebUI Arbitrary File Upload + Path Traversal
2024-08-07 23:04:45
packetstorm
packetstorm
Open WebUI 0.1.105 File Upload / Path Traversal
2024-08-08 00:00:00
cve
cve
CVE-2024-6707
2024-08-07 23:15:41
zdt
zdt
Open WebUI 0.1.105 File Upload / Path Traversal Vulnerabilities
2024-08-08 00:00:00
korelogic
korelogic
Open WebUI Arbitrary File Upload + Path Traversal
2024-08-07 00:00:00
cvelist
cvelist
CVE-2024-6707 Open WebUI Arbitrary File Upload + Path Traversal
2024-08-07 23:04:45
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
31.4%
Related for NVD:CVE-2024-6707