Vulnerability Information
Vulnerability Title
Information Disclosure in open-webui/open-webui
Vulnerability Description
An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence and configuration of the file. This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information.
CVSS Information
N/A
Vulnerability Type
Information exposure through an error message
Vulnerability Title
Open WebUI information disclosure vulnerability
Vulnerability Description
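Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI, released as open source by Open WebUI. Open WebUI v0.3.8 contains an information disclosure vulnerability that allows an attacker to enumerate file names and traverse directories by observing error messages, leading to disclosure of sensitive information.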
CVSS Information
N/A
Vulnerability Type
N/A