CVE-2024-7038
LOWDescription
An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence and configuration of the file. This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| openwebui | open_webui |
References
Frequently Asked Questions
What is CVE-2024-7038? +
How severe is CVE-2024-7038? +
What products are affected by CVE-2024-7038? +
How do I check if I'm vulnerable to CVE-2024-7038? +
Related Vulnerabilities
A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google …
User enumeration vulnerability in M3M Printer Server Web. This issue occurs during user authentication, where a difference in error messages …
The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected …
Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not …
A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When …
In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting …