Lucene search
K

5 matches found

NVD
NVD
added 2025/03/20 10:15 a.m.11 views

CVE-2024-7039

In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint http://0.0.0.0:8080/api/v1/users/uuidadministrator. This action is restricted by the user...

8.3CVSS0.00647EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.8 views

CVE-2024-7039 Improper Privilege Management in open-webui/open-webui

In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint http://0.0.0.0:8080/api/v1/users/uuidadministrator. This action is restricted by the user...

8.3CVSS8.3AI score0.00647EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:11 a.m.70 views

CVE-2024-7039

CVE-2024-7039 affects open-webui/open-webui v0.3.8. Affected component: API-based user management. Root cause: improper privilege management allows an admin to delete other administrators via the endpoint http://0.0.0.0:8080/api/v1/users/{uuid_administrator}, despite UI restrictions. Impact: elev...

8.3CVSS6.9AI score0.00647EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/03/20 10:11 a.m.5 views

CVE-2024-7039 Improper Privilege Management in open-webui/open-webui

In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint http://0.0.0.0:8080/api/v1/users/uuidadministrator. This action is restricted by the user...

8.3CVSS7.1AI score0.00647EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.25 views

CVE-2024-7039 Improper Privilege Management in open-webui/open-webui

In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint http://0.0.0.0:8080/api/v1/users/uuidadministrator. This action is restricted by the user...

8.3CVSS0.00647EPSS
Exploits1References1
Rows per page
Query Builder