漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability
Vulnerability Description
Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of credentials provided to the endpoint. The issue results from transmitting sensitive information in plaintext. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. Was ZDI-CAN-28259.
CVSS Information
N/A
Vulnerability Type
敏感数据的明文传输
Vulnerability Title
Open WebUI 安全漏洞
Vulnerability Description
Open WebUI是Open WebUI开源的一个可扩展、功能丰富、用户友好的自托管 WebUI。 Open WebUI存在安全漏洞,该漏洞源于处理凭据时以明文传输敏感信息,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A