| |
Vulnerability CVE-2024-7048
Published: 2024-10-10
| Description: |
In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this vulnerability, an attacker can view metadata of files uploaded by an admin and overwrite these files, compromising the integrity and availability of the RAG models. |
Type:
CWE-269 (Improper Privilege Management)
References: |
https://huntr.com/bounties/acd0b2dd-61eb-4712-82d3-a4e35d6ee560
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
