Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/03/22 12:38 p.m.18 views

CVE-2024-7053

A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...

9CVSS7.8AI score0.00659EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.30 views

CVE-2024-7053

A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...

9CVSS0.00659EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:11 a.m.55 views

CVE-2024-7053

CVE-2024-7053 affects open-webui/open-webui version 0.3.8. A session-fixation vulnerability allows a user-level attacker to cause the administrator’s session cookie to be exfiltrated via a cross-origin request triggered by a malicious markdown image in chat. The cookies use SameSite=Lax and lack ...

9CVSS7.9AI score0.00659EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.37 views

CVE-2024-7053 Session Fixation in open-webui/open-webui

A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...

7.6CVSS0.00659EPSS
Exploits1References1
Rows per page
Query Builder