Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability
Vulnerability Description
Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of credentials provided to the endpoint. The issue results from transmitting sensitive information in plaintext. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. Was ZDI-CAN-28259.
CVSS Information
N/A
Vulnerability Type
敏感数据的明文传输
Vulnerability Title
Open WebUI 安全漏洞
Vulnerability Description
Open WebUI是Open WebUI开源的一个可扩展、功能丰富、用户友好的自托管 WebUI。 Open WebUI存在安全漏洞,该漏洞源于处理凭据时以明文传输敏感信息,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A