CVE-2024-7038

An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence and configuration of the file. This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information.

CVSS v3 2.7 LOW

2.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/f42cf72a-8015-44a6-81a9-c6332ef05afc	Exploit Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openwebui:open_webui:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-10-09 19:15

Updated : 2024-11-03 17:15

NVD link : CVE-2024-7038

Mitre link : CVE-2024-7038

CVE.ORG link : CVE-2024-7038

JSON object : View

Products Affected

openwebui

open_webui

CWE

CWE-209

Generation of Error Message Containing Sensitive Information

{"id": "CVE-2024-7038", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2024-10-09T19:15:14.930", "references": [{"url": "https://huntr.com/bounties/f42cf72a-8015-44a6-81a9-c6332ef05afc", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "security@huntr.dev"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-209"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence and configuration of the file. This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information."}, {"lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la versi\u00f3n 0.3.8 de open-webui. La vulnerabilidad est\u00e1 relacionada con la funci\u00f3n de actualizaci\u00f3n del modelo de incrustaci\u00f3n en la configuraci\u00f3n de administrador. Cuando un usuario actualiza la ruta del modelo, el sistema verifica si el archivo existe y proporciona diferentes mensajes de error seg\u00fan la existencia y la configuraci\u00f3n del archivo. Este comportamiento permite a un atacante enumerar los nombres de los archivos y recorrer los directorios observando los mensajes de error, lo que puede provocar la exposici\u00f3n de informaci\u00f3n confidencial."}], "lastModified": "2024-11-03T17:15:15.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openwebui:open_webui:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1233F450-99C2-4F5A-A47E-5F341BEA0E1B"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}