Session Fixation Vulnerability in Open-WebUI by Open-WebUI
CVE-2024-7053
Summary
A vulnerability in Open-WebUI version 0.3.8 allows an attacker with ordinary user-level access to capture an administrator's session cookie. The advisory files this as a session fixation attack; the mechanism described is cookie disclosure leading to session hijacking. The session cookie is issued by default without the Secure flag and with SameSite=Lax, which the advisory reports lets the cookie be sent over plain HTTP to a different domain. By inserting a malicious markdown image into a chat, an attacker can target an administrator: when the administrator views the message, the browser fetches the image URL and the administrator's session cookie is transmitted to the attacker's server. Because administrative roles are highly privileged, the stolen cookie can give unauthorized access to an admin account and could ultimately allow remote code execution.

Caveat for anyone verifying a fix: under the cookie specification (RFC 6265bis) a SameSite=Lax cookie is not attached to cross-site subresource requests such as image loads; what SameSite=Lax does permit is same-site requests, including ones over plain HTTP, and it is the missing Secure flag that lets the cookie travel in cleartext on such a request. Check the Set-Cookie header returned after login for both attributes: Secure must be present, and SameSite should be Strict where the application tolerates it.
Affected Version(s)
open-webui/open-webui <= unspecified (the summary names version 0.3.8 as affected)