CVE-2024-7806 Remote Code Execution by Non-Admin Users via CSRF in open-webui/open-webui

A vulnerability in open-webui/open-webui versions = 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery CSRF. The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious...

CVE-2024-7806 Remote Code Execution by Non-Admin Users via CSRF in open-webui/open-webui

A vulnerability in open-webui/open-webui versions = 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery CSRF. The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious...

CVE-2024-7806

CVE-2024-7806 affects open-webui/open-webui ≤ 0.3.8. A CSRF flaw (lax SameSite cookies, no CSRF tokens) enables remote code execution by non-admin users when a victim visits a crafted page, potentially modifying a pipeline’s Python code and running arbitrary commands with the victim’s privileges....

CVE-2024-7039 Improper Privilege Management in open-webui/open-webui

In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint http://0.0.0.0:8080/api/v1/users/uuidadministrator. This action is restricted by the user...

CVE-2024-7039 Improper Privilege Management in open-webui/open-webui

In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint http://0.0.0.0:8080/api/v1/users/uuidadministrator. This action is restricted by the user...

CVE-2024-7039

CVE-2024-7039 affects open-webui/open-webui v0.3.8. Affected component: API-based user management. Root cause: improper privilege management allows an admin to delete other administrators via the endpoint http://0.0.0.0:8080/api/v1/users/{uuid_administrator}, despite UI restrictions. Impact: elev...

CVE-2024-8898

CVE-2024-8898 affects the Parisneo/Lollms-WebUI project, specifically the internal APIs at the install and uninstall endpoints for version V12 (Strawberry). The root cause is insufficient sanitization of user-supplied input, enabling path traversal that can create or delete directories via arbitr...

CVE-2024-8898 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability exists in the install and uninstall API endpoints of parisneo/lollms-webui version V12 Strawberry. This vulnerability allows attackers to create or delete directories with arbitrary paths on the system. The issue arises due to insufficient sanitization of...

CVE-2024-12534 Denial of Service (DoS) in open-webui/open-webui

In version v0.3.32 of open-webui/open-webui, the application allows users to submit large payloads in the email and password fields during the sign-in process due to the lack of character length validation on these inputs. This vulnerability can lead to a Denial of Service DoS condition when a us...

CVE-2024-12534 Denial of Service (DoS) in open-webui/open-webui

In version v0.3.32 of open-webui/open-webui, the application allows users to submit large payloads in the email and password fields during the sign-in process due to the lack of character length validation on these inputs. This vulnerability can lead to a Denial of Service DoS condition when a us...

CVE-2024-12534

The CVE-2024-12534 entry concerns open-webui/open-webui version 0.3.32, where the sign-in flow accepts excessively large values in the email and password fields due to missing character-length validation. This concrete root cause enables a Denial of Service (DoS) by exhausting server resources (C...

CVE-2024-7034 Remote Code Execution due to Arbitrary File Write in open-webui/open-webui

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

CVE-2024-7034 Remote Code Execution due to Arbitrary File Write in open-webui/open-webui

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

CVE-2024-7034

Open WebUI 0.3.8 is affected by a directory traversal vulnerability in the /models/upload endpoint due to unsafe handling of file.filename, allowing arbitrary file writes outside the UPLOAD_DIR and potentially overwriting system files. This can lead to unauthorized modifications and may enable re...

CVE-2024-7043 Improper Access Control in open-webui/open-webui

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the GET /api/v1/files/ interface to retrieve information on all...

CVE-2024-7043 Improper Access Control in open-webui/open-webui

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the GET /api/v1/files/ interface to retrieve information on all...

CVE-2024-6986 Cross-site Scripting (XSS) in parisneo/lollms-webui

A Cross-site Scripting XSS vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. The vulnerability is due to the improper use of the 'v-html' directive, which inserts the content of the 'fulltemplate' variable directly as HTML. This allows an attacker to execute maliciou...

CVE-2024-6986 Cross-site Scripting (XSS) in parisneo/lollms-webui

A Cross-site Scripting XSS vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. The vulnerability is due to the improper use of the 'v-html' directive, which inserts the content of the 'fulltemplate' variable directly as HTML. This allows an attacker to execute maliciou...

CVE-2024-6986

The CVE-2024-6986 entry concerns parisneo/lollms-webui (v9.8). A Cross-site Scripting (XSS) flaw arises from improper use of the v-html directive, which renders the full_template variable as HTML on the Settings page. An attacker can inject JavaScript by supplying a payload in the System Template...

CVE-2024-7043

CVE-2024-7043 concerns open-webui/open-webui v0.3.8, where improper access control enables an attacker to enumerate and delete user-uploaded files via the API. The vulnerability arises because the system does not verify administrator privileges for GET /api/v1/files/ (listing files) and then enab...