CVE-2024-7048 | open-webui up to 0.3.8 API Endpoint /api/v1/documents/ privileges management

Inserito da Angelo Barbosa | Ott 10, 2024 | CVE

A vulnerability was found in open-webui up to 0.3.8. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/v1/documents/ of the component API Endpoint. The manipulation leads to improper privilege management.

This vulnerability is known as CVE-2024-7048. The attack can be launched remotely. There is no exploit available.

CVE-2024-7048 | open-webui up to 0.3.8 API Endpoint /api/v1/documents/ privileges management

Post correlati

CVE-2024-40954 | Linux Kernel up to 5.15.161/6.1.95/6.6.35/6.9.6 atomic64_64.h __sock_release use after free

CVE-2023-52448 | Linux Kernel up to 6.7.1 gfs2 gfs2_rgrp_dump null pointer dereference

CVE-2024-0638 | Checkmk up to 2.0.0p39/2.1.0p40/2.2.0p23/2.3.0b3 Agent Plugin least privilege violation

CVE-2023-38362 | IBM CICS TX Advanced 10.1 HTTP Response observable response discrepancy (XFDB-260814)