CVE-2024-7038

LOW Year: 2024
CVSS v3 Score
2.7
Low
Weakness Type
CWE-209
View all →

Vulnerability Description

An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence and configuration of the file. This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information.

Related Vulnerabilities

CVE-2019-4636

LOW
CVSS:2.7(Low)

IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force ID: 170013.

CWE-2092019

CVE-2019-4699

LOW
CVSS:2.7(Low)

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931.

CWE-2092019

CVE-2020-1717

LOW
CVSS:2.7(Low)

A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.

CWE-2092020

CVE-2020-4164

LOW
CVSS:2.7(Low)

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from applicatino errors which could be used in further attacks against the system....

CWE-2092020

CVE-2020-4248

LOW
CVSS:2.7(Low)

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This informati...

CWE-2092020

CVE-2020-4327

LOW
CVSS:2.7(Low)

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in furt...

CWE-2092020