2982 matches found

Cvelist
added 2024/10/11 12:14 p.m.

CVE-2024-6971 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the lollms_file_system.py file. The functions add_rag_database, toggle_mount_rag_database, and vectorize_folder do not implement security measures such as sanitize_path_from_endpoint or sanitize_path. This allows a...

CVSS 3.4 · EPSS 0.00316
Exploits: 1 · References: 1
Vulnrichment
added 2024/10/11 12:14 p.m.

CVE-2024-6971 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the lollms_file_system.py file. The functions add_rag_database, toggle_mount_rag_database, and vectorize_folder do not implement security measures such as sanitize_path_from_endpoint or sanitize_path. This allows a...

CVSS 3.4 · AI score 4 · EPSS 0.00316
Exploits: 1 · References: 1
NVD
added 2024/10/10 8:15 a.m.

CVE-2024-7049

In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process...

CVSS 5.4 · EPSS 0.00337
Exploits: 1 · References: 1
Snyk
added 2024/10/10 7:42 a.m.

Exposure of Data Element to Wrong Session

Overview: open-webui is Open WebUI. Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to improper handling of user roles during the login process. An attacker can gain unauthorized access and perform actions without administrative approval...

CVSS 5.4 · AI score 7 · EPSS 0.00337
Exploits: 1 · References: 2
Cvelist
added 2024/10/10 7:15 a.m.

CVE-2024-7049 Exposure of Token in open-webui/open-webui

In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process...

CVSS 5.4 · EPSS 0.00337
Exploits: 1 · References: 1
Vulnrichment
added 2024/10/10 7:15 a.m.

CVE-2024-7049 Exposure of Token in open-webui/open-webui

In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process...

CVSS 5.4 · AI score 6.8 · EPSS 0.00337
Exploits: 1 · References: 1
CVE
added 2024/10/10 7:15 a.m.

CVE-2024-7049

Open-webui/open-webui is affected at version v0.3.8. The root issue is that a token is returned when a user with a pending role logs in, allowing actions without admin approval and bypassing the intended approval workflow. The CVE entry lists a moderate impact (CVSS ~5.4) with no explicit exploit...

CVSS 5.4 · AI score 5.4 · EPSS 0.00337
Exploits: 1 · References: 1 · Affected Software: 1
NVD
added 2024/10/10 2:15 a.m.

CVE-2024-7048

In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this...

CVSS 6.3 · EPSS 0.00362
Exploits: 1 · References: 1
OSV
added 2024/10/10 2:15 a.m.

CVE-2024-7048

In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this...

CVSS 5.4 · AI score 7
Exploits: 0 · References: 1
Snyk
added 2024/10/10 1:43 a.m.

Improper Privilege Management

Overview: open-webui is Open WebUI. Affected versions of this package are vulnerable to Improper Privilege Management in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. An attacker can view and overwrite files by accessing these endpoints...

CVSS 6.3 · AI score 7 · EPSS 0.00362
Exploits: 1 · References: 2
CVE
added 2024/10/10 1:22 a.m.

CVE-2024-7048

Open-WebUI open-webui v0.3.8 contains an improper privilege management flaw in API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc, enabling a lower-privileged user to view and overwrite admin-owned files, risking integrity and availability of RAG models. Root cause: insufficient access...

CVSS 6.3 · AI score 6.3 · EPSS 0.00362
Exploits: 1 · References: 1 · Affected Software: 1
CNNVD
added 2024/10/10 12:00 a.m.

Open WebUI security vulnerability

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from the Open WebUI open-source project. A security vulnerability exists in Open WebUI version v0.3.8. An attacker exploiting this vulnerability could bypass the expected approval process...

CVSS 5.4 · AI score 5.4 · EPSS 0.00337
Exploits: 1 · References: 2
CNNVD
added 2024/10/10 12:00 a.m.

Open WebUI security vulnerability

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from the Open WebUI open-source project. A security vulnerability exists in Open WebUI version v0.3.8, which stems from improper privilege management in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc...

CVSS 6.3 · AI score 6.5 · EPSS 0.00362
Exploits: 1 · References: 2
Positive Technologies
added 2024/10/10 12:00 a.m.

PT-2024-38044 · Unknown · Open-Webui

Affected software and versions: open-webui/open-webui v0.3.8. Description: A vulnerability exists where a token is returned when a user with a pending role logs in, allowing the user to perform actions without admin confirmation and bypassing the intended approval...

CVSS 5.4 · AI score 5.7 · EPSS 0.00337
Exploits: 1 · References: 7
Github Security Blog
added 2024/10/09 9:31 p.m.

open-webui allows enumeration of file names and traversal of directories by observing the error messages

An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existenc...

CVSS 2.7 · AI score 6.2 · EPSS 0.00336
Exploits: 1 · References: 4 · Affected Software: 1
Github Security Blog
added 2024/10/09 9:31 p.m.

open-webui allows writing and deleting arbitrary files

In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote cod...

CVSS 7.2 · AI score 7.8 · EPSS 0.01032
Exploits: 1 · References: 4 · Affected Software: 1
Github Security Blog
added 2024/10/09 9:31 p.m.

open-webui Insecure Direct Object Reference (IDOR) vulnerability

An Insecure Direct Object Reference IDOR vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint http://0.0.0.0:3000/api/v1/memories/id/update, where the decentralization design is flawed, allowing attackers to edit other users' memories without...

CVSS 6.5 · AI score 6.8 · EPSS 0.00357
Exploits: 1 · References: 4 · Affected Software: 1
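Two of the open-webui entries in this listing (the CVE-2024-7049 pending-role token issue and the memories IDOR above) come down to the same missing step: the server acts on a request without checking that the caller is actually entitled to the result. The block below is an added example, not code from Open WebUI, showing each vulnerable handler beside a fixed one. User, Memory, issue_token, the role names and the in-memory store are all assumptions made for illustration.

```python
# Added example, not Open WebUI code. It models the two authorization gaps
# described in the listing: (1) login issues a token to an account whose
# role is still "pending", and (2) an object update trusts the object id
# without checking ownership. Each is shown next to a fixed handler.
# User, Memory, SECRET and the role names are assumptions for illustration.
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass

SECRET = b"assumed-server-secret"  # constructed; load from config in real code
ROLE_PENDING, ROLE_USER, ROLE_ADMIN = "pending", "user", "admin"


@dataclass
class User:
    id: str
    role: str


@dataclass
class Memory:
    id: str
    owner_id: str
    content: str


def issue_token(user: User, secret: bytes = SECRET) -> str:
    """Bearer token: urlsafe-base64 JSON claims + HMAC-SHA256 over them."""
    claims = json.dumps({"sub": user.id, "role": user.role}, sort_keys=True)
    payload = base64.urlsafe_b64encode(claims.encode()).decode()
    mac = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{mac}"


def verify_token(token: str, secret: bytes = SECRET) -> dict:
    """Return the claims if the signature checks out, else raise PermissionError."""
    payload, _, mac = token.rpartition(".")
    expected = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise PermissionError("bad token signature")
    return json.loads(base64.urlsafe_b64decode(payload))


def token_is_valid(token: str) -> bool:
    try:
        verify_token(token)
        return True
    except (PermissionError, ValueError):
        return False


def login_vulnerable(user: User) -> str:
    """Flawed: a signed token is handed out no matter what the role is,
    so a pending account can call every endpoint before admin approval."""
    return issue_token(user)


def login_fixed(user: User) -> str:
    """Fixed: accounts awaiting approval get no token at all."""
    if user.role == ROLE_PENDING:
        raise PermissionError("account awaiting admin approval")
    return issue_token(user)


def update_memory_vulnerable(store: dict, memory_id: str, caller: User, content: str) -> Memory:
    """Flawed (IDOR): the record is looked up by id only; caller is ignored."""
    memory = store[memory_id]
    memory.content = content
    return memory


def update_memory_fixed(store: dict, memory_id: str, caller: User, content: str) -> Memory:
    """Fixed: deny unless the caller owns the record or is an admin."""
    memory = store.get(memory_id)
    if memory is None:
        raise KeyError(memory_id)
    if memory.owner_id != caller.id and caller.role != ROLE_ADMIN:
        raise PermissionError("not the owner of this memory")
    memory.content = content
    return memory


def demo() -> dict:
    """Exercise both pairs on constructed data; returns a dict of outcomes."""
    pending, alice, bob = User("u-pending", ROLE_PENDING), User("u-alice", ROLE_USER), User("u-bob", ROLE_USER)
    store = {"m1": Memory("m1", alice.id, "alice's note")}
    out = {"vuln_login_pending_gets_token": verify_token(login_vulnerable(pending))["role"] == ROLE_PENDING}
    try:
        login_fixed(pending)
        out["fixed_login_pending_refused"] = False
    except PermissionError:
        out["fixed_login_pending_refused"] = True
    update_memory_vulnerable(store, "m1", bob, "tampered")
    out["vuln_update_by_other_user"] = store["m1"].content == "tampered"
    store["m1"].content = "alice's note"
    try:
        update_memory_fixed(store, "m1", bob, "tampered")
        out["fixed_update_by_other_user_refused"] = False
    except PermissionError:
        out["fixed_update_by_other_user_refused"] = store["m1"].content == "alice's note"
    out["fixed_update_by_owner"] = update_memory_fixed(store, "m1", alice, "edited").content == "edited"
    return out


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The point of the fixed login is that the deny happens before any credential is minted: a token that encodes role "pending" is still a valid token to every endpoint that only checks the signature. The ownership check in the update handler is the same idea applied per object, with the admin bypass made explicit rather than implied.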
Snyk
added 2024/10/09 9:31 p.m.

Execution with Unnecessary Privileges

Overview: open-webui is Open WebUI. Affected versions of this package are vulnerable to Execution with Unnecessary Privileges through the API endpoint http://0.0.0.0:3000/api/v1/memories/id/update. An attacker can modify other users' data without proper authorization. Remediation: Upgrade...

CVSS 7.1 · AI score 6.5 · EPSS 0.00357
Exploits: 1 · References: 2
Snyk
added 2024/10/09 9:31 p.m.

Path Traversal

Overview: open-webui is Open WebUI. Affected versions of this package are vulnerable to Path Traversal due to unsanitized input in the file.filename concatenation with CACHE_DIR via the /api/pipelines/upload endpoint. An attacker can overwrite and delete system files, potentially leading to...

CVSS 7.2 · AI score 6.9 · EPSS 0.01032
Exploits: 1 · References: 2
OSV
added 2024/10/09 9:31 p.m.

GHSA-54F4-V6V9-9Q82 open-webui allows writing and deleting arbitrary files

In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote cod...

CVSS 7 · AI score 7 · EPSS 0.01032
Exploits: 1 · References: 4
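The lollms-webui entry (CVE-2024-6971) and the open-webui /api/pipelines/upload entries above describe the same bug class: a caller-supplied filename is joined onto a fixed base directory without any check that the result still lies inside it. The block below is an added example, not code from either project, showing the unsafe join beside a hardened one and running both over constructed attacker inputs. CACHE_DIR, unsafe_join, safe_join and the sample names are assumptions for illustration.

```python
# Added example, not Open WebUI or lollms-webui code: the unsafe
# "base + user-supplied filename" join the advisories describe, beside a
# hardened join that refuses traversal. CACHE_DIR, unsafe_join, safe_join
# and the sample inputs are assumed names and constructed data.
import os
from pathlib import Path

CACHE_DIR = Path("/tmp/app_cache")  # assumed upload cache directory


def unsafe_join(base: Path, filename: str) -> Path:
    """The vulnerable pattern: concatenate a caller-controlled name onto base.

    '../../etc/passwd' walks out of base, and os.path.join discards base
    entirely when the second argument is absolute ('/etc/passwd').
    """
    return Path(os.path.join(str(base), filename))


def unsafe_target(filename: str) -> str:
    """Where the unsafe join would actually write, once '..' is normalised."""
    return os.path.normpath(str(unsafe_join(CACHE_DIR, filename)))


def safe_join(base: Path, filename: str) -> Path:
    """Return base/filename only if filename is a single plain path component
    that still lands directly inside base after symlink resolution."""
    if not filename or "\x00" in filename:
        raise ValueError("empty or NUL-containing filename")
    # A bare file name has no separators (either platform) and is not a dot-dir.
    # Rejecting, rather than stripping to the basename, keeps traversal
    # attempts visible in logs instead of silently saving them elsewhere.
    if "/" in filename or "\\" in filename or filename in (".", ".."):
        raise ValueError(f"rejected filename: {filename!r}")
    base_resolved = base.resolve()
    candidate = (base_resolved / filename).resolve()
    # Defence in depth: the parent of the resolved target must be base itself.
    if candidate.parent != base_resolved:
        raise ValueError(f"path escapes {base_resolved}: {candidate}")
    return candidate


def triage(filenames) -> dict:
    """Run candidate names through safe_join; returns {name: 'accepted'|'rejected'}."""
    verdicts = {}
    for name in filenames:
        try:
            safe_join(CACHE_DIR, name)
            verdicts[name] = "accepted"
        except ValueError:
            verdicts[name] = "rejected"
    return verdicts


# Constructed sample inputs: one legitimate upload and several traversal payloads.
SAMPLE_NAMES = [
    "pipeline.py",
    "../../etc/passwd",
    "/etc/passwd",
    "..\\..\\windows\\win.ini",
    "..",
    "sub/dir.py",
    "evil\x00.py",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_NAMES).items():
        print(f"{verdict:8s} {name!r:28s} unsafe join would touch: {unsafe_target(name)}")
```

The same containment check applies to the delete path the advisories mention: a handler that unlinks base/filename needs the check just as much as one that writes there, since a traversing name deletes outside the cache directory with equal ease.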