Suggestions search

Dismissed

Filter by:

With package: open-webui

Found 2 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-34225

4.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

updated 1 month, 1 week ago by @LeSuisse Activity log

Created suggestion 1 month, 1 week ago
@LeSuisse accepted 1 month, 1 week ago
@LeSuisse dismissed 1 month, 1 week ago

Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided URL with no restriction on the domain, allowing the local address space to be accessed. Since the SSRF is blind (the response cannot be read), the primary impact is port scanning of the local network, as whether a port is open can be determined based on whether the GET request succeeds or fails. These response differentials can be automated to iterate through the entire port range and identify open ports. If the service running on an open port can be inferred, an attacker may be able to interact with it in a meaningful way, provided the service offers state-changing GET request endpoints. This issue was unresolved at the time of publication.

References

https://github.com/open-webui/open-webui/security/advisories/GHSA-jgx9-jr5x-mvpv x_refsource_CONFIRMexploit

Affected products

open-webui

==<= 0.7.2

Matching in nixpkgs

pkgs.open-webui

Comprehensive suite for LLMs with a user-friendly WebUI

nixos-unstable 0.8.12
- nixpkgs-unstable 0.8.12
- nixos-unstable-small 0.8.12
nixos-25.11 0.8.12
- nixos-25.11-small 0.8.12
- nixpkgs-25.11-darwin 0.8.12

Package maintainers

@codgician codgician <codgician@outlook.com>
@shivaraj-bh Shivaraj B H <sbh69840@gmail.com>

Current stable branch was never impacted

Permalink CVE-2025-15603

3.7 LOW

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): None (N)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Not Defined (X)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

updated 2 months, 2 weeks ago by @mweinelt Activity log

Created suggestion 2 months, 2 weeks ago
@mweinelt dismissed 2 months, 2 weeks ago

open-webui JWT Key start_windows.bat random values

A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start_windows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUI_SECRET_KEY leads to insufficiently random values. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used.