What is CVE-2024-7049?

CVE-2024-7049 is a medium-severity vulnerability in Open-webui Open-webui/open-webui, classified under CWE-488. CVSS score: 5.4/10. Published 2024-10-10.

How severe is CVE-2024-7049?

Medium severity. CVSS v3 base score is 5.4 out of 10.

Is CVE-2024-7049 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Open-webui Open-webui/open-webui

CVE-2024-7049

In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval proce…

EPSS: 0.001 (20.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.

Affected products

Open-webui Open-webui/open-webui — versions unspecified

Weakness classification (CWE)

CWE-488

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

huntr.com/bounties/ee9e3532-8ef1-4599-bb59-b8e2ba43a1fc

Frequently asked questions

What is CVE-2024-7049?: CVE-2024-7049 is a medium-severity vulnerability in Open-webui Open-webui/open-webui, classified under CWE-488. CVSS score: 5.4/10. Published 2024-10-10.
How severe is CVE-2024-7049?: Medium severity. CVSS v3 base score is 5.4 out of 10.
Is CVE-2024-7049 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.