CVE-2024-6707 - OpenCVE

Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact total

Vendors	Products
Debian	Debian Linux
Openwebui	Open Webui

Configuration 1 [-]

AND

cpe:2.3:a:openwebui:open_webui:0.1.105:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt

History

Thu, 08 Aug 2024 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Debian Debian debian Linux
CPEs		cpe:2.3:o:debian:debian_linux:12.0:::::::*
Vendors & Products		Debian Debian debian Linux

Thu, 08 Aug 2024 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Openwebui Openwebui open Webui
CPEs		cpe:2.3:a:openwebui:open_webui:0.1.105:::::::*
Vendors & Products		Openwebui Openwebui open Webui
References	http://seclists.org/fulldisclosure/2024/Aug/4
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 08 Aug 2024 15:00:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

Thu, 08 Aug 2024 14:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2024/Aug/4

Wed, 07 Aug 2024 23:15:00 +0000

Type	Values Removed	Values Added
Description		Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.
Title		Open WebUI Arbitrary File Upload + Path Traversal
Weaknesses		CWE-22 CWE-434
References		https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt

MITRE

Status: PUBLISHED

Assigner: KoreLogic

Published: 2024-08-07T23:04:45.137Z

Updated: 2024-08-08T15:02:49.851Z

Reserved: 2024-07-11T21:30:47.969Z

Link: CVE-2024-6707

Vulnrichment

Updated: 2024-08-08T13:16:27.267Z

NVD

Status : Analyzed

Published: 2024-08-07T23:15:41.457

Modified: 2024-08-08T20:55:55.453

Link: CVE-2024-6707

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6707", "assignerOrgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9", "state": "PUBLISHED", "assignerShortName": "KoreLogic", "dateReserved": "2024-07-11T21:30:47.969Z", "datePublished": "2024-08-07T23:04:45.137Z", "dateUpdated": "2024-08-08T15:02:49.851Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Open WebUI", "repo": "https://github.com/open-webui/open-webui", "vendor": "Open WebUI", "versions": [{"status": "affected", "version": "0.1.105"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Jaggar Henry and Sean Segreti of KoreLogic, Inc."}], "datePublic": "2024-08-07T23:01:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<pre>Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.</pre><br>"}], "value": "Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9", "shortName": "KoreLogic", "dateUpdated": "2024-08-07T23:04:45.137Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt"}], "source": {"discovery": "UNKNOWN"}, "title": "Open WebUI Arbitrary File Upload + Path Traversal", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2024/Aug/4"}, {"url": "http://www.openwall.com/lists/oss-security/2024/08/08/7"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T15:02:49.851Z"}}, {"affected": [{"vendor": "openwebui", "product": "open_webui", "cpes": ["cpe:2.3:a:openwebui:open_webui:0.1.105:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0.1.105", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-08T13:07:37.215856Z", "id": "CVE-2024-6707", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T13:16:33.432Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Open WebUI Arbitrary File Upload + Path Traversal", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Jaggar Henry and Sean Segreti of KoreLogic, Inc."}], "affected": [{"repo": "https://github.com/open-webui/open-webui", "vendor": "Open WebUI", "product": "Open WebUI", "versions": [{"status": "affected", "version": "0.1.105"}], "defaultStatus": "unaffected"}], "datePublic": "2024-08-07T23:01:00.000Z", "references": [{"url": "https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.", "supportingMedia": [{"type": "text/html", "value": "<pre>Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.</pre><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9", "shortName": "KoreLogic", "dateUpdated": "2024-08-07T23:04:45.137Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-6707", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-08T13:07:37.215856Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:openwebui:open_webui:0.1.105:*:*:*:*:*:*:*"], "vendor": "openwebui", "product": "open_webui", "versions": [{"status": "affected", "version": "0.1.105"}], "defaultStatus": "unknown"}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-08-08T13:16:27.267Z"}}]}, "cveMetadata": {"cveId": "CVE-2024-6707", "state": "PUBLISHED", "dateUpdated": "2024-08-07T23:04:45.137Z", "dateReserved": "2024-07-11T21:30:47.969Z", "assignerOrgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9", "datePublished": "2024-08-07T23:04:45.137Z", "assignerShortName": "KoreLogic"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openwebui:open_webui:0.1.105:*:*:*:*:*:*:*", "matchCriteriaId": "33127669-DDB0-4B45-9D9D-D3B85CEC7180", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability."}, {"lang": "es", "value": "Los archivos controlados por un atacante se pueden cargar en ubicaciones arbitrarias en el sistema de archivos del servidor web abusando de una vulnerabilidad de path traversal."}], "id": "CVE-2024-6707", "lastModified": "2024-08-08T20:55:55.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-08-07T23:15:41.457", "references": [{"source": "bbf0bd87-ece2-41be-b873-96928ee8fab9", "tags": ["Exploit", "Third Party Advisory"], "url": "https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt"}], "sourceIdentifier": "bbf0bd87-ece2-41be-b873-96928ee8fab9", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-434"}], "source": "bbf0bd87-ece2-41be-b873-96928ee8fab9", "type": "Secondary"}]}