CVE-2024-7053
published 2025-03-20CVE-2024-7053: A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie…
PriorityP353critical9CVSS 3.1
AVNACLPRLUIRSCCHIHAH
EPSS
0.66%
46.9th percentile
A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default `SameSite=Lax` and does not have the `Secure` flag enabled, allowing the session cookie to be sent over HTTP to a cross-origin domain. An attacker can exploit this by embedding a malicious markdown image in a chat, which, when viewed by an administrator, sends the admin's session cookie to the attacker's server. This can lead to a stealthy administrator account takeover, potentially resulting in remote code execution (RCE) due to the elevated privileges of administrator accounts.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-webui | open-webui | 0 – 0.3.8 | — |
| open-webui | open-webui_open-webui | unspecified – latest | — |
| openwebui | open_webui | — | — |
CVSS provenance
nvdv3.19.0CRITICALCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
nvdv3.07.6HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Open WebUI Vulnerable to a Session Fixation Attack
osv·2025-03-20
CVE-2024-7053 [HIGH] Open WebUI Vulnerable to a Session Fixation Attack
Open WebUI Vulnerable to a Session Fixation Attack
A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default `SameSite=Lax` and does not have the `Secure` flag enabled, allowing the session cookie to be sent over HTTP to a cross-origin domain. An attacker can exploit this by embedding a malicious markdown image in a chat, which, when viewed by an administrator, sends the admin's session cookie to the attacker's server. This can lead to a stealthy administrator account takeover, potentially resulting in remote code execution (RCE) due to the elevated privileges of administrator accounts.
GHSA
Open WebUI Vulnerable to a Session Fixation Attack
ghsa·2025-03-20
CVE-2024-7053 [HIGH] CWE-79 Open WebUI Vulnerable to a Session Fixation Attack
Open WebUI Vulnerable to a Session Fixation Attack
A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default `SameSite=Lax` and does not have the `Secure` flag enabled, allowing the session cookie to be sent over HTTP to a cross-origin domain. An attacker can exploit this by embedding a malicious markdown image in a chat, which, when viewed by an administrator, sends the admin's session cookie to the attacker's server. This can lead to a stealthy administrator account takeover, potentially resulting in remote code execution (RCE) due to the elevated privileges of administrator accounts.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-03-20
Published