4 matches found
open-webui Insecure Direct Object Reference (IDOR) vulnerability
An Insecure Direct Object Reference IDOR vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint http://0.0.0.0:3000/api/v1/memories/id/update, where the decentralization design is flawed, allowing attackers to edit other users' memories without...
GHSA-XCVC-5HGV-PHQG open-webui Insecure Direct Object Reference (IDOR) vulnerability
An Insecure Direct Object Reference IDOR vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint http://0.0.0.0:3000/api/v1/memories/id/update, where the decentralization design is flawed, allowing attackers to edit other users' memories without...
CVE-2024-7041
An Insecure Direct Object Reference IDOR vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint http://0.0.0.0:3000/api/v1/memories/id/update, where the decentralization design is flawed, allowing attackers to edit other users' memories without...
CVE-2024-7041 IDOR in open-webui/open-webui
An Insecure Direct Object Reference IDOR vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint http://0.0.0.0:3000/api/v1/memories/id/update, where the decentralization design is flawed, allowing attackers to edit other users' memories without...