CVE-2024-7046

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-475
View all →

Vulnerability Description

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows an attacker to view admin details. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/auths/admin/details interface to retrieve the first admin (owner) details.

Related Vulnerabilities

CVE-2023-52533

MEDIUM
CVSS:5.3(Medium)

In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed

CWE-4752023

CVE-2024-3099

MEDIUM
CVSS:5.4(Medium)

A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authentica...

CWE-4752024

CVE-2023-4875

MEDIUM
CVSS:5.7(Medium)

Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12

CWE-4752023

CVE-2024-12390

HIGH
CVSS:8.8(High)

A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Pyt...

CWE-4752024

CVE-2020-7925

HIGH
CVSS:7.5(High)

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service....

CWE-4752020

CVE-2024-10569

HIGH
CVSS:7.5(High)

A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed ...

CWE-4752024