Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/03/22 1:22 p.m.10 views

CVE-2024-7035

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...

6.9CVSS7.1AI score0.00234EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.8 views

CVE-2024-7035

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...

6.9CVSS0.00234EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.79 views

CVE-2024-7035

The CVE-2024-7035 issue affects open-webui/open-webui (v0.3.8). The underlying problem is CSRF because sensitive actions (delete/reset) are invoked via GET requests. Affected endpoints include /rag/api/v1/reset, /rag/api/v1/reset/db, /api/v1/memories/reset, and /rag/api/v1/reset/uploads, impactin...

6.9CVSS6.8AI score0.00234EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.16 views

CVE-2024-7035 Cross-Site Request Forgery (CSRF) in open-webui/open-webui

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...

6.9CVSS0.00234EPSS
Exploits1References1
Rows per page
Query Builder