CVE-2024-7043
Published: 20 March 2025
Description
Adversaries may delete files left behind by the actions of their intrusion activity.
Security Summary
CVE-2024-7043 is an improper access control vulnerability (CWE-862) in open-webui/open-webui version 0.3.8. The issue stems from the application failing to verify whether a user is an administrator before allowing access to file management functions. Attackers can directly invoke the GET /api/v1/files/ endpoint to retrieve information on all files uploaded by users, including their ID values.
A low-privileged remote attacker (PR:L) can exploit this vulnerability over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). By first listing all files via GET /api/v1/files/, the attacker obtains file IDs, then uses GET /api/v1/files/{file_id} to view any file's contents and DELETE /api/v1/files/{file_id} to delete it. This results in high impacts across confidentiality, integrity, and availability (C:H/I:H/A:H), as reflected in the CVSS v3.1 base score of 8.8.
Mitigation details and additional information are available in the advisory published on Huntr at https://huntr.com/bounties/c01e0c7f-68d8-45cf-91d2-521c97f33b00. The vulnerability was published on 2025-03-20.
Details
- CWE(s)
Affected Products
AI Security Analysis
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025
- None mapped
- MITRE ATLAS Techniques
- None mapped
- Classification Reason
- Open WebUI is a self-hosted web interface for LLMs (e.g., Ollama, OpenAI-compatible APIs), functioning as an enterprise-grade AI assistant platform. The vulnerability affects its file management APIs, which handle user-uploaded files for AI interactions like RAG.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The improper access control vulnerability allows unauthorized attackers to list all files (T1083), retrieve file contents (T1005), and delete any files (T1070.004).