References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Known Affected Software Configurations Switch to CPE 2.2

Change History

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

OR
          *cpe:2.3:a:openwebui:open_webui:0.3.8:*:*:*:*:*:*:*

CISA-ADP: https://huntr.com/bounties/947f8191-0abf-4adf-b7c4-d4c19683aba2 Types: Exploit

huntr.dev: https://huntr.com/bounties/947f8191-0abf-4adf-b7c4-d4c19683aba2 Types: Exploit

https://huntr.com/bounties/947f8191-0abf-4adf-b7c4-d4c19683aba2

A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default `SameSite=Lax` and does not have the `Secure` flag enabled, allowing the session cookie to be sent over HTTP to a cross-origin domain. An attacker can exploit this by embedding a malicious markdown image in a chat, which, when viewed by an administrator, sends the admin's session cookie to the attacker's

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

CWE-79

https://huntr.com/bounties/947f8191-0abf-4adf-b7c4-d4c19683aba2