CVE-2024-7036: Denial of Service in open-webui/open-webui
Description
A vulnerability in open-webui/open-webui v0.3.8 allows an unauthenticated attacker to sign up with excessively large text in the 'name' field, causing the Admin panel to become unresponsive. This prevents administrators from performing essential user management actions such as deleting, editing, or adding users. The vulnerability can also be exploited by authenticated users with low privileges, leading to the same unresponsive state in the Admin panel.
Classification
CVE ID: CVE-2024-7036
CVSS Base Severity: HIGH
CVSS Base Score: 7.5
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Problem Types
CWE-400 Uncontrolled Resource ConsumptionAffected Products
Vendor: open-webui
Product: open-webui/open-webui
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 13.68% (scored less or equal to compared to others)
EPSS Date: 2025-04-18 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2024-7036https://huntr.com/bounties/ba62d093-ab27-48fa-9c53-0602c8cdc48a