Denial of Service Vulnerability in Open-WebUI by Open-WebUI
CVE-2024-7036
7.5 HIGH
Summary
A vulnerability in Open-WebUI version 0.3.8 allows unauthenticated attackers to exploit the 'name' field by entering excessively large text. This attack leads to an unresponsive Admin panel, hindering administrators from performing crucial user management tasks such as adding, editing, or deleting user accounts. Additionally, authenticated users with low privileges can also trigger this vulnerability, affecting overall administrative functions within the application.
Affected Version(s)
open-webui/open-webui <= unspecified
CVSS V3.0
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved