NVD Vulnerability Detail

Search Exploit, PoC

Exploit DB

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2024-7048

Summary	In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this vulnerability, an attacker can view metadata of files uploaded by an admin and overwrite these files, compromising the integrity and availability of the RAG models.
Publication Date	Oct. 10, 2024, 11:15 a.m.
Registration Date	Oct. 10, 2024, 4 p.m.
Last Update	Oct. 10, 2024, 11:15 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://huntr.com/bounties/acd0b2dd-61eb-4712-82d3-a4e35d6ee560

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-269	不適切な権限管理	https://cwe.mitre.org/data/definitions/269.html

JVN Vulnerability Information

openwebui の open webui における権限管理に関する脆弱性

Title	openwebui の open webui における権限管理に関する脆弱性
Summary	openwebui の open webui には、権限管理に関する脆弱性が存在します。
Possible impacts	情報を取得される、および情報を改ざんされる可能性があります。
Solution	参考情報を参照して適切な対策を実施してください。
Publication Date	Oct. 10, 2024, midnight
Registration Date	July 30, 2025, 12:12 p.m.
Last Update	July 30, 2025, 12:12 p.m.

Affected System

openwebui

open webui 0.3.8

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-7048	https://www.cve.org/CVERecord?id=CVE-2024-7048
National Vulnerability Database (NVD)
2	CVE-2024-7048	https://nvd.nist.gov/vuln/detail/CVE-2024-7048

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-269	https://cwe.mitre.org/data/definitions/269.html

その他

No	Name	URL
関連文書
1	huntr.com (acd0b2dd-61eb-4712-82d3-a4e35d6ee560)	https://huntr.com/bounties/acd0b2dd-61eb-4712-82d3-a4e35d6ee560

Change Log

No	Changed Details	Date of change
1	[2025年07月30日] 掲載	July 30, 2025, 12:12 p.m.