Openwebui: >> Open Webui Security Vulnerabilities
In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote code execution.
CVSS Score
6.5
EPSS Score
0.023
Published
2024-10-09
An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`, where the decentralization design is flawed, allowing attackers to edit other users' memories without proper authorization.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-10-09
An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence and configuration of the file. This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information.
CVSS Score
2.7
EPSS Score
0.002
Published
2024-10-09
Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-08-07
Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-08-07
Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117.
CVSS Score
6.4
EPSS Score
0.002
Published
2024-04-16
Page 4