CVE-2024-7049
Open-webui/open-webui is affected at version v0.3.8. The root issue is that a token is returned when a user with a pending role logs in, allowing actions without admin approval and bypassing the intended approval workflow. The CVE entry lists a moderate impact (CVSS ~5.4) with no explicit exploit...