{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7049", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-07-23T19:15:08.148Z", "datePublished": "2024-10-10T07:15:55.293Z", "dateUpdated": "2024-10-10T14:45:15.962Z"}, "containers": {"cna": {"title": "Exposure of Token in open-webui/open-webui", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-10-10T07:15:55.293Z"}, "descriptions": [{"lang": "en", "value": "In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process."}], "affected": [{"vendor": "open-webui", "product": "open-webui/open-webui", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/ee9e3532-8ef1-4599-bb59-b8e2ba43a1fc"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-488 Exposure of Data Element to Wrong Session", "cweId": "CWE-488"}]}], "source": {"advisory": "ee9e3532-8ef1-4599-bb59-b8e2ba43a1fc", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "open-webui", "product": "open-webui", "cpes": ["cpe:2.3:a:open-webui:open-webui:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0.3.8", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-10T14:23:29.815840Z", "id": "CVE-2024-7049", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T14:45:15.962Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7049", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-10T14:23:29.815840Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:open-webui:open-webui:*:*:*:*:*:*:*:*"], "vendor": "open-webui", "product": "open-webui", "versions": [{"status": "affected", "version": "0.3.8"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T14:24:52.828Z"}}], "cna": {"title": "Exposure of Token in open-webui/open-webui", "source": {"advisory": "ee9e3532-8ef1-4599-bb59-b8e2ba43a1fc", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "open-webui", "product": "open-webui/open-webui", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/ee9e3532-8ef1-4599-bb59-b8e2ba43a1fc"}], "descriptions": [{"lang": "en", "value": "In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-488", "description": "CWE-488 Exposure of Data Element to Wrong Session"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-10-10T07:15:55.293Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7049", "state": "PUBLISHED", "dateUpdated": "2024-10-10T14:45:15.962Z", "dateReserved": "2024-07-23T19:15:08.148Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-10-10T07:15:55.293Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openwebui:open_webui:0.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "7BFA5C2D-BD4F-4BD5-8D4E-D3BE4036FFA4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process."}, {"lang": "es", "value": "En la versi\u00f3n v0.3.8 de open-webui/open-webui, existe una vulnerabilidad en la que se devuelve un token cuando un usuario con un rol pendiente inicia sesi\u00f3n. Esto permite al usuario realizar acciones sin la confirmaci\u00f3n del administrador, omitiendo el proceso de aprobaci\u00f3n previsto."}], "id": "CVE-2024-7049", "lastModified": "2024-10-17T14:22:44.653", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-10T08:15:03.910", "references": [{"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/ee9e3532-8ef1-4599-bb59-b8e2ba43a1fc"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-488"}], "source": "security@huntr.dev", "type": "Secondary"}]}

{}

{}