Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-7041

An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`, where the decentralization design is flawed, allowing attackers to edit other users' memories without proper authorization.

Published

2024-10-09T20:15:09.683

Last Modified

2025-10-15T13:15:51.233

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-639
Type: Secondary
CWE-639

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openwebui	open_webui	0.3.8	Yes

References

https://huntr.com/bounties/6855227f-1237-47b8-8d37-29aad7ddec3a Exploit, Third Party Advisory ([email protected])