CVE-2024-30256
MEDIUM
Open WebUI < 0.1.117 - Authenticated Blind Server-Side Request Forgery
Title source: llm
Description
Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/open-webui/open-webui/security/advisories/GHSA-39wr-r5vm-3jxj
Exploit, Third Party Advisory x_refsource_misc
https://securitylab.github.com/advisories/GHSL-2024-033_open-webui
Scores
CVSS v3: 6.4
EPSS: 0.0041
EPSS Percentile: 32.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-918
Status: published
Products (1): openwebui/open_webui < 0.1.117
Published: Apr 16, 2024
Tracked Since: Feb 18, 2026