VYPR
Moderate severityNVD Advisory· Published Oct 9, 2024· Updated Oct 15, 2025

IDOR in open-webui/open-webui

CVE-2024-7041

Description

An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint http://0.0.0.0:3000/api/v1/memories/{id}/update, where the decentralization design is flawed, allowing attackers to edit other users' memories without proper authorization.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
open-webuiPyPI
<= 0.3.8

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.