ID |
CVE-2024-7037
|
Sažetak |
In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote code execution. |
Reference |
|
CVSS |
Base: | 6.5 |
Impact: | 5.2 |
Exploitability: | 1.2 |
|
Pristup |
Vektor | Složenost | Autentikacija |
NETWORK |
LOW |
HIGH |
|
Impact |
Povjerljivost | Cjelovitost | Dostupnost |
NONE |
HIGH |
HIGH |
|
CVSS vektor |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
Zadnje važnije ažuriranje |
10-10-2024 - 12:51 |
Objavljeno |
09-10-2024 - 20:15 |