Количество 2
Количество 2
CVE-2024-7035
In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery (CSRF) attacks, where an unaware user can unintentionally perform sensitive actions by simply visiting a malicious site or through top-level navigation. The affected endpoints include /rag/api/v1/reset, /rag/api/v1/reset/db, /api/v1/memories/reset, and /rag/api/v1/reset/uploads. This impacts both the availability and integrity of the application.
GHSA-p5vx-9hj8-cf4h
Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-7035 In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery (CSRF) attacks, where an unaware user can unintentionally perform sensitive actions by simply visiting a malicious site or through top-level navigation. The affected endpoints include /rag/api/v1/reset, /rag/api/v1/reset/db, /api/v1/memories/reset, and /rag/api/v1/reset/uploads. This impacts both the availability and integrity of the application. | CVSS3: 6.9 | 0% Низкий | 11 месяцев назад |
| GHSA-p5vx-9hj8-cf4h Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) | CVSS3: 6.9 | 0% Низкий | 11 месяцев назад |
Уязвимостей на страницу