{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7038", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-07-23T17:52:31.731Z", "datePublished": "2024-10-09T18:26:38.995Z", "dateUpdated": "2024-11-03T18:27:26.279Z"}, "containers": {"cna": {"title": "Information Disclosure in open-webui/open-webui", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-11-03T18:27:26.279Z"}, "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence and configuration of the file. This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information."}], "affected": [{"vendor": "open-webui", "product": "open-webui/open-webui", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/f42cf72a-8015-44a6-81a9-c6332ef05afc"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "baseScore": 2.7, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "cweId": "CWE-209"}]}], "source": {"advisory": "f42cf72a-8015-44a6-81a9-c6332ef05afc", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "openwebui", "product": "open_webui", "cpes": ["cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0.3.8", "status": "affected", "lessThanOrEqual": "0.3.32", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-09T20:07:00.481351Z", "id": "CVE-2024-7038", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T20:38:40.594Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7038", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-09T20:07:00.481351Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*:*"], "vendor": "openwebui", "product": "open_webui", "versions": [{"status": "affected", "version": "0.3.8", "versionType": "custom", "lessThanOrEqual": "0.3.32"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T20:08:15.682Z"}}], "cna": {"title": "Information Disclosure in open-webui/open-webui", "source": {"advisory": "f42cf72a-8015-44a6-81a9-c6332ef05afc", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "open-webui", "product": "open-webui/open-webui", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/f42cf72a-8015-44a6-81a9-c6332ef05afc"}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence and configuration of the file. This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-11-03T18:27:26.279Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7038", "state": "PUBLISHED", "dateUpdated": "2024-11-03T18:27:26.279Z", "dateReserved": "2024-07-23T17:52:31.731Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-10-09T18:26:38.995Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openwebui:open_webui:-:*:*:*:*:*:*:*", "matchCriteriaId": "1233F450-99C2-4F5A-A47E-5F341BEA0E1B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence and configuration of the file. This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information."}, {"lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la versi\u00f3n 0.3.8 de open-webui. La vulnerabilidad est\u00e1 relacionada con la funci\u00f3n de actualizaci\u00f3n del modelo de incrustaci\u00f3n en la configuraci\u00f3n de administrador. Cuando un usuario actualiza la ruta del modelo, el sistema verifica si el archivo existe y proporciona diferentes mensajes de error seg\u00fan la existencia y la configuraci\u00f3n del archivo. Este comportamiento permite a un atacante enumerar los nombres de los archivos y recorrer los directorios observando los mensajes de error, lo que puede provocar la exposici\u00f3n de informaci\u00f3n confidencial."}], "id": "CVE-2024-7038", "lastModified": "2024-11-03T17:15:15.340", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-09T19:15:14.930", "references": [{"source": "security@huntr.dev", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://huntr.com/bounties/f42cf72a-8015-44a6-81a9-c6332ef05afc"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "security@huntr.dev", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-209"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}