Home > Vulnerability Database > CVE-2024-7048

Mend.io Vulnerability Database

CVE-2024-7048

Date: October 9, 2024

In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this vulnerability, an attacker can view metadata of files uploaded by an admin and overwrite these files, compromising the integrity and availability of the RAG models.

Language: Python

Severity Score

6.3

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-7048

Url: https://huntr.com/bounties/acd0b2dd-61eb-4712-82d3-a4e35d6ee560

Url: https://www.mend.io/vulnerability-database/CVE-2024-7048

Severity Score

6.3

Weakness Type (CWE)

Improper Privilege Management

CWE-269

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-7048

Date: October 9, 2024

Language: Python

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?