Security Advisory

CVE-2024-7041

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-10-09 19:57:41

Last updated 2025-10-15 12:50:35

Assigner @huntr_ai

State PUBLISHED

Description

An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`, where the decentralization design is flawed, allowing attackers to edit other users memories without proper authorization.

← Browse all CVEs View on cve.org ↗