exploitDog

CVE-2024-7039

Опубликовано: 20 мар. 2025

Источник: nvd

CVSS3: 8.3

CVSS3: 6.7

EPSS Низкий

Описание

In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint http://0.0.0.0:8080/api/v1/users/{uuid_administrator}. This action is restricted by the user interface but can be performed through direct API calls.

Ссылки

https://huntr.com/bounties/27fc8a5a-546e-4cf2-8edb-df42e36518fc
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openwebui:open_webui:0.3.8:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00092

Низкий

8.3 High

CVSS3

6.7 Medium

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-pqwr-phvv-v49f

CVSS3: 8.3

github

11 месяцев назад

Open WebUI Allows Admin Deletion via API Endpoint

EPSS

Процентиль: 26%

0.00092

Низкий

8.3 High

CVSS3

6.7 Medium

CVSS3

Дефекты

CWE-863