Description
In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process.
References
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:openwebui:open_webui:0.3.8:*:*:*:*:*:*:*
EPSS
Percentile: 14%
0.00047
Low
5.4 Medium
CVSS3
Weaknesses
CWE-488
NVD-CWE-Other
Related vulnerabilities
CVSS3: 5.4
github
more than 1 year ago
In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process.