CVE-2024-6707

Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.
References
Link Resource
https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:openwebui:open_webui:0.1.105:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

History

08 Aug 2024, 20:55

Type Values Removed Values Added
First Time Debian
Openwebui
Debian debian Linux
Openwebui open Webui
References () https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt - () https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 8.8
CPE cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:a:openwebui:open_webui:0.1.105:*:*:*:*:*:*:*

08 Aug 2024, 14:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

08 Aug 2024, 13:04

Type Values Removed Values Added
Summary
  • (es) Los archivos controlados por un atacante se pueden cargar en ubicaciones arbitrarias en el sistema de archivos del servidor web abusando de una vulnerabilidad de path traversal.

07 Aug 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-07 23:15

Updated : 2024-08-08 20:55


NVD link : CVE-2024-6707

Mitre link : CVE-2024-6707

CVE.ORG link : CVE-2024-6707


JSON object : View

Products Affected

debian

  • debian_linux

openwebui

  • open_webui
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-434

Unrestricted Upload of File with Dangerous Type