Session Fixation Vulnerability in Open-WebUI by Open-WebUI
CVE-2024-7053

9 CRITICAL

Key Information:

Vendor
Open-webui
CVE Published:
20 March 2025

Summary

A vulnerability in Open-WebUI version 0.3.8 allows an attacker with user-level access to carry out a session fixation attack. By default the session cookie is set without the Secure flag and with SameSite=Lax, so it can be transmitted over plain HTTP and included in requests directed at a different domain. By inserting a malicious markdown image into a chat, an attacker may target an administrator: when the administrator views the chat, their session cookie is sent to the attacker's server. This presents a significant risk, since it may lead to unauthorized access to an admin account and, given the privileges of the administrative role, could ultimately allow remote code execution.
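The weakness described above is a matter of cookie attributes, which can be checked directly from a response's Set-Cookie header. The following is an added example written for this page, not code from the Open-WebUI project: it parses a Set-Cookie header value, reports the attribute weaknesses the advisory names (no Secure flag, SameSite=Lax or absent, and for completeness no HttpOnly), and builds a hardened header for comparison. The cookie name `token` and the header values are constructed for the example.

```python
"""Audit Set-Cookie headers for the attribute weaknesses in the advisory.

Added example, not Open-WebUI's own code. Run it against the Set-Cookie
header returned by a login response to confirm the session cookie carries
Secure, HttpOnly and a strict SameSite policy.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class CookieAttributes:
    name: str
    value: str
    secure: bool = False
    httponly: bool = False
    samesite: Optional[str] = None
    other: Dict[str, str] = field(default_factory=dict)


def parse_set_cookie(header: str) -> CookieAttributes:
    """Parse a single Set-Cookie header value into its name, value and attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = CookieAttributes(name=name.strip(), value=value.strip())
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        key = key.strip().lower()
        val = val.strip()
        if key == "secure":
            attrs.secure = True
        elif key == "httponly":
            attrs.httponly = True
        elif key == "samesite":
            attrs.samesite = val.capitalize()  # normalise to Lax / Strict / None
        else:
            attrs.other[key] = val  # Path, Domain, Max-Age, Expires, ...
    return attrs


def audit_session_cookie(header: str) -> List[str]:
    """Return a list of findings; an empty list means the cookie is hardened."""
    c = parse_set_cookie(header)
    findings: List[str] = []
    if not c.secure:
        findings.append("missing Secure: cookie may be sent over plaintext HTTP")
    if not c.httponly:
        findings.append("missing HttpOnly: cookie is readable by page scripts")
    if c.samesite is None:
        findings.append("missing SameSite: browser default applies")
    elif c.samesite == "None":
        findings.append("SameSite=None: cookie is sent on every cross-site request")
    elif c.samesite == "Lax":
        findings.append("SameSite=Lax: cookie is still sent on cross-site top-level "
                        "navigations; prefer Strict for administrative sessions")
    return findings


def hardened_set_cookie(name: str, value: str, max_age: int = 3600) -> str:
    """Build a Set-Cookie header with the attributes a session cookie should carry."""
    return f"{name}={value}; Path=/; Max-Age={max_age}; Secure; HttpOnly; SameSite=Strict"


# Constructed sample header mirroring the default described in the advisory
# (no Secure flag, SameSite=Lax); the cookie name and value are made up.
WEAK_HEADER = "token=constructed-session-value; Path=/; SameSite=Lax"


if __name__ == "__main__":
    for line in audit_session_cookie(WEAK_HEADER):
        print("weak  :", line)
    fixed = hardened_set_cookie("token", "constructed-session-value")
    print("fixed :", fixed)
    print("findings after hardening:", audit_session_cookie(fixed))
```

The audit only reads the header, so it can be dropped into a deployment check that fetches the login endpoint over HTTPS and fails if any finding is returned; the hardened form is what the check expects to see.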

Affected Version(s)

open-webui/open-webui <= unspecified

References

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

CVSS V3.0

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
