CVE-2024-7983 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until the conversion is complete.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Openwebui	Open Webui	0.3.8

Related Weaknesses (CWE)

CWE-770

References

https://huntr.com/bounties/f8156ca5-1328-480f-a72b-8d3dfdad87dcExploitThird Party Advisory

FAQ

What is CVE-2024-7983?

CVE-2024-7983 is a vulnerability with a CVSS score of 7.5 (HIGH). In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time conve...

How severe is CVE-2024-7983?

CVE-2024-7983 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-7983?

Check the references section above for vendor advisories and patch information. Affected products include: Openwebui Open Webui.