Open Webui
by Openwebui
Source repositories
CVEs (122)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-8053 | 0.00 | — | 0.01 | Mar 20, 2025 | In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload,… | |||
| CVE-2024-7806 | 0.00 | — | 0.00 | Mar 20, 2025 | A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery (CSRF). The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker… | |||
| CVE-2024-7039 | 0.00 | — | 0.01 | Mar 20, 2025 | In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint `http://0.0.0.0:8080/api/v1/users/{uuid_administrator}`. This action is… | |||
| CVE-2024-12534 | 0.00 | — | 0.01 | Mar 20, 2025 | In version v0.3.32 of open-webui/open-webui, the application allows users to submit large payloads in the email and password fields during the sign-in process due to the lack of character length validation on these inputs. This vulnerability can lead to a Denial of Service (DoS)… | |||
| CVE-2024-7043 | 0.00 | — | 0.01 | Mar 20, 2025 | An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the GET /api/v1/files/ interface to retrieve… | |||
| CVE-2024-7983 | 0.00 | — | 0.01 | Mar 20, 2025 | In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to… | |||
| CVE-2024-7044 | 0.00 | — | 0.00 | Mar 20, 2025 | A Stored Cross-Site Scripting (XSS) vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the… | |||
| CVE-2024-7045 | 0.00 | — | 0.00 | Mar 20, 2025 | In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts/ interface to retrieve… | |||
| CVE-2024-7035 | 0.00 | — | 0.00 | Mar 20, 2025 | In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery (CSRF) attacks, where an unaware user can unintentionally perform… | |||
| CVE-2024-7036 | 0.00 | — | 0.01 | Mar 20, 2025 | A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This prevents administrators from performing essential user management actions such as… | |||
| CVE-2024-7033 | 0.00 | — | 0.01 | Mar 20, 2025 | In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the download_model endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations… | |||
| CVE-2024-7040 | 0.00 | — | 0.01 | Mar 20, 2025 | In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On the frontend admin page, administrators are intended to view only the chats of non-admin members. However, by modifying the user_id parameter, it is possible to view the chats of… | |||
| CVE-2024-7046 | 0.00 | — | 0.00 | Mar 20, 2025 | An improper access control vulnerability in open-webui/open-webui v0.3.8 allows an attacker to view admin details. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/auths/admin/details interface to… | |||
| CVE-2024-12537 | 0.00 | — | 0.01 | Mar 20, 2025 | In version 0.3.32 of open-webui/open-webui, the absence of authentication mechanisms allows any unauthenticated attacker to access the `api/v1/utils/code/format` endpoint. If a malicious actor sends a POST request with an excessively high volume of content, the server could… | |||
| CVE-2024-7959 | 0.00 | — | 0.24 | Mar 20, 2025 | The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This… | |||
| CVE-2024-7990 | 0.00 | — | 0.01 | Mar 20, 2025 | A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the `/api/v1/models/add` endpoint, where the model description field is improperly sanitized before being rendered in chat. This allows an attacker to… | |||
| CVE-2024-7049 | 0.00 | — | 0.00 | Oct 10, 2024 | In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process. | |||
| CVE-2024-7048 | 0.00 | — | 0.00 | Oct 10, 2024 | In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By… | |||
| CVE-2024-7041 | 0.00 | — | 0.00 | Oct 9, 2024 | An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`, where the decentralization design is flawed, allowing attackers to edit other… | |||
| CVE-2024-7037 | 0.00 | — | 0.01 | Oct 9, 2024 | In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete system files, potentially… |
- CVE-2024-8053Mar 20, 2025risk 0.00cvss —epss 0.01
In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload,…
- CVE-2024-7806Mar 20, 2025risk 0.00cvss —epss 0.00
A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery (CSRF). The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker…
- CVE-2024-7039Mar 20, 2025risk 0.00cvss —epss 0.01
In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint `http://0.0.0.0:8080/api/v1/users/{uuid_administrator}`. This action is…
- CVE-2024-12534Mar 20, 2025risk 0.00cvss —epss 0.01
In version v0.3.32 of open-webui/open-webui, the application allows users to submit large payloads in the email and password fields during the sign-in process due to the lack of character length validation on these inputs. This vulnerability can lead to a Denial of Service (DoS)…
- CVE-2024-7043Mar 20, 2025risk 0.00cvss —epss 0.01
An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the GET /api/v1/files/ interface to retrieve…
- CVE-2024-7983Mar 20, 2025risk 0.00cvss —epss 0.01
In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to…
- CVE-2024-7044Mar 20, 2025risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the…
- CVE-2024-7045Mar 20, 2025risk 0.00cvss —epss 0.00
In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts/ interface to retrieve…
- CVE-2024-7035Mar 20, 2025risk 0.00cvss —epss 0.00
In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery (CSRF) attacks, where an unaware user can unintentionally perform…
- CVE-2024-7036Mar 20, 2025risk 0.00cvss —epss 0.01
A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This prevents administrators from performing essential user management actions such as…
- CVE-2024-7033Mar 20, 2025risk 0.00cvss —epss 0.01
In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the download_model endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations…
- CVE-2024-7040Mar 20, 2025risk 0.00cvss —epss 0.01
In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On the frontend admin page, administrators are intended to view only the chats of non-admin members. However, by modifying the user_id parameter, it is possible to view the chats of…
- CVE-2024-7046Mar 20, 2025risk 0.00cvss —epss 0.00
An improper access control vulnerability in open-webui/open-webui v0.3.8 allows an attacker to view admin details. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/auths/admin/details interface to…
- CVE-2024-12537Mar 20, 2025risk 0.00cvss —epss 0.01
In version 0.3.32 of open-webui/open-webui, the absence of authentication mechanisms allows any unauthenticated attacker to access the `api/v1/utils/code/format` endpoint. If a malicious actor sends a POST request with an excessively high volume of content, the server could…
- CVE-2024-7959Mar 20, 2025risk 0.00cvss —epss 0.24
The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This…
- CVE-2024-7990Mar 20, 2025risk 0.00cvss —epss 0.01
A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the `/api/v1/models/add` endpoint, where the model description field is improperly sanitized before being rendered in chat. This allows an attacker to…
- CVE-2024-7049Oct 10, 2024risk 0.00cvss —epss 0.00
In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process.
- CVE-2024-7048Oct 10, 2024risk 0.00cvss —epss 0.00
In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By…
- CVE-2024-7041Oct 9, 2024risk 0.00cvss —epss 0.00
An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`, where the decentralization design is flawed, allowing attackers to edit other…
- CVE-2024-7037Oct 9, 2024risk 0.00cvss —epss 0.01
In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete system files, potentially…
Page 6 of 7