Nixpkgs security tracker
Dismissed
Permalink
CVE-2025-15603
3.7 LOW
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): Low (L)
- Integrity (I): None (N)
- Availability (A): None (N)
- Exploit Code Maturity (E): Proof-of-Concept (P)
- Remediation Level (RL): Not Defined (X)
- Report Confidence (RC): Confirmed (C)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): None (N)
by @mweinelt Activity log
- Created suggestion
- @mweinelt dismissed
open-webui JWT Key start_windows.bat random values
A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start_windows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUI_SECRET_KEY leads to insufficiently random values. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used.
References
-
-
-
Submit #766444 | open-webui 6.16 Use of Hard-coded Cryptographic Key third-party-advisory
Affected products
open-webui
- ==0.6.6
- ==0.6.12
- ==0.6.14
- ==0.6.16
- ==0.6.5
- ==0.6.7
- ==0.6.13
- ==0.6.1
- ==0.6.15
- ==0.6.3
- ==0.6.0
- ==0.6.4
- ==0.6.8
- ==0.6.9
- ==0.6.2
- ==0.6.11
- ==0.6.10
Package maintainers
-
@drupol Pol Dellaiera <pol.dellaiera@protonmail.com>
-
@shivaraj-bh Shivaraj B H <sbh69840@gmail.com>