|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-03-26 | |
| Rule Name: | Open WebUI Infomation Leakage Vulnerability (CVE-2024-7038) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Open WebUI is an open-source, scalable, feature rich, and user-friendly self hosted WebUI. The Open WebUI v0.3.8 version has an information leakage vulnerability, which stems from the existence of an information leakage vulnerability that allows attackers to enumerate file names and traverse directories by observing error messages, resulting in sensitive information leakage. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Refer to the announcement or patch by the vendor: https://github.com/open-webui/open-webui/releases/tag/v0.3.32 |