4 matches found
CVE-2024-7053
A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...
CVE-2024-7053
A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...
CVE-2024-7053
CVE-2024-7053 affects open-webui/open-webui version 0.3.8. A session-fixation vulnerability allows a user-level attacker to cause the administrator’s session cookie to be exfiltrated via a cross-origin request triggered by a malicious markdown image in chat. The cookies use SameSite=Lax and lack ...
CVE-2024-7053 Session Fixation in open-webui/open-webui
A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...