Access Control Bypass
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Access Control Bypass via the /api/tasks/stop/taskid endpoint. An attacker can enumerate tasks running by other users and use taskid to terminate any tasks running on the server. Remediation Upgrade open-webu...