CVE-2024-7039

In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint http://0.0.0.0:8080/api/v1/users/uuidadministrator. This action is restricted by the user...

CVE-2024-7806

A vulnerability in open-webui/open-webui versions = 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery CSRF. The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious...

CVE-2024-7990

A stored cross-site scripting XSS vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the /api/v1/models/add endpoint, where the model description field is improperly sanitized before being rendered in chat. This allows an attacker to inject malicious...

CVE-2024-7043

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the GET /api/v1/files/ interface to retrieve information on all...

CVE-2024-7999

A vulnerability in open-webui/open-webui version 79778fa allows an attacker to cause a Denial of Service DoS by uploading a file with a malformed multipart boundary. By appending a large number of characters to the end of the multipart boundary, the server continuously processes each character,...

CVE-2024-7036

A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This prevents administrators from performing essential user management actions such as deleting, editing, ...

CVE-2024-12534

In version v0.3.32 of open-webui/open-webui, the application allows users to submit large payloads in the email and password fields during the sign-in process due to the lack of character length validation on these inputs. This vulnerability can lead to a Denial of Service DoS condition when a us...

CVE-2024-12868

In version 0.3.32 of open-webui, the application uses a vulnerable version of the starlette package through its dependency on fastapi. The starlette package versions =0.49 are susceptible to uncontrolled resource consumption, which can be exploited to cause a denial of service through memory...

CVE-2024-12766

parisneo/lollms-webui version V13 feather suffers from a Server-Side Request Forgery SSRF vulnerability in the POST /api/proxy REST API. Attackers can exploit this vulnerability to abuse the victim server's credentials to access unauthorized web resources by specifying the JSON parameter...

CVE-2024-12537

In version 0.3.32 of open-webui/open-webui, the absence of authentication mechanisms allows any unauthenticated attacker to access the api/v1/utils/code/format endpoint. If a malicious actor sends a POST request with an excessively high volume of content, the server could become completely...

CVE-2024-9840

A Denial of Service DoS vulnerability exists in open-webui/open-webui version 0.3.21. This vulnerability affects multiple endpoints, including /ollama/models/upload, /audio/api/v1/transcriptions, and /rag/api/v1/doc. The application processes multipart boundaries without authentication, leading t...

CVE-2024-9919

A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/appname API endpoint does not call the checkaccess function to verify the clientid, enabling attackers to delete directories without...

CVE-2024-8581

A vulnerability in the uploadapp function of parisneo/lollms-webui V12 Strawberry allows an attacker to delete any file or directory on the system. The function does not implement user input filtering with the filename value, causing a Path Traversal error...

CVE-2024-8017

An XSS vulnerability exists in open-webui/open-webui versions = 0.3.8, specifically in the function that constructs the HTML for tooltips. This vulnerability allows attackers to perform operations with the victim's privileges, such as stealing chat history, deleting chats, and escalating their ow...

Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability

A Denial of Service DoS vulnerability exists in open-webui/open-webui version 0.3.21. This vulnerability affects multiple endpoints, including /ollama/models/upload, /audio/api/v1/transcriptions, and /rag/api/v1/doc. The application processes multipart boundaries without authentication, leading t...

GHSA-5CCF-884P-4JJQ Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability

A Denial of Service DoS vulnerability exists in open-webui/open-webui version 0.3.21. This vulnerability affects multiple endpoints, including /ollama/models/upload, /audio/api/v1/transcriptions, and /rag/api/v1/doc. The application processes multipart boundaries without authentication, leading t...

Cross-site Scripting (XSS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS through the /api/v1/models/add endpoint. An attacker can execute arbitrary scripts that affect other users, including administrators, by injecting malicious scripts into the model...

Denial of Service (DoS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Denial of Service DoS via the endpoint for converting markdown. An attacker can cause the server to spend excessive time on processing, rendering it unresponsive to other requests until the conversion is...

GHSA-FF5C-56M7-VC75 Open WebUI allows Remote Code Execution via Arbitrary File Upload to /audio/api/v1/transcriptions

OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint /audio/api/v1/transcriptions that allows for arbitrary file upload. The application performs insufficient validation on the file.contenttype and allows user-controlled filenames, leading to a path traversal vulnerability...

Arbitrary File Upload

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Arbitrary File Upload via the audio/api/v1/transcriptions endpoint. An attacker can execute arbitrary code on the server by uploading a malicious file with a crafted filename that exploits insufficient...