
CVE-2024-7037: open-webui allows writing and deleting arbitrary files

CVSS Score: 6.5 (CVSS v3.0)

Basic Information

EPSS Score: 0.76245%
Published: 10/9/2024
Updated: 10/9/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
open-webui   | pip       | <= 0.3.8            | (none listed)

Vulnerability Intelligence (Miggo AI)

Root Cause Analysis

The vulnerability stems from the file upload handler referenced at main.py line 1513 in the GitHub repository. The advisory names unsanitized concatenation of the user-supplied filename with CACHE_DIR as the root cause: the handler likely passes the multipart filename straight into os.path.join() or a similar file operation without normalizing it or confirming that the result still lies under CACHE_DIR. This is the CWE-22 pattern: a filename carrying traversal sequences (../../) escapes the intended directory, and an absolute filename makes os.path.join() discard the base directory altogether. Because the handler both writes and removes the uploaded file, an attacker holding the privileges the endpoint requires (PR:H in the vector) can overwrite or delete any file the server process can reach, which is why the vector scores Integrity and Availability as High and Confidentiality as None. Confidence is high because multiple sources (GHSA, CVE, huntr) all point to this endpoint and this code pattern.
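As an added illustration (this is not open-webui's code and not the handler at main.py line 1513), the following Python shows the pattern just described next to a hardened version: a user-supplied upload filename joined onto CACHE_DIR, a write-then-delete flow, and a check that fails closed. The function names, the "pipelines" subdirectory and the sample filenames are this example's own assumptions.

```python
"""Added example (not open-webui's code): the CWE-22 pattern described above,
a handler that joins a user-supplied upload filename onto CACHE_DIR, beside a
hardened version that fails closed. Function names, the "pipelines"
subdirectory and the sample filenames are this example's own assumptions."""
import os
import re
import shutil
import tempfile
from pathlib import Path

# Constructed attacker-controlled filenames, as they would arrive in the
# multipart Content-Disposition header. The last two look benign.
SAMPLE_FILENAMES = [
    "../../outside.txt",      # classic traversal
    "/etc/passwd",            # absolute path: os.path.join discards cache_dir
    "..\\..\\win.ini",        # Windows-style separators
    "pipeline.py",
    "my pipe.py",
]


def unsafe_cache_path(cache_dir: str, filename: str) -> str:
    """The vulnerable pattern: raw filename concatenated with CACHE_DIR.
    os.path.join neither strips '..' components nor refuses absolute paths."""
    return os.path.join(cache_dir, "pipelines", filename)


def escapes_cache_dir(cache_dir: str, candidate: str) -> bool:
    """True if the resolved candidate is neither cache_dir nor beneath it."""
    base = Path(cache_dir).resolve()
    target = Path(candidate).resolve()
    return target != base and base not in target.parents


# Allow-list: must start with an alphanumeric, so '.', '..' and dotfiles fail.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def safe_cache_path(cache_dir: str, filename: str) -> str:
    """Hardened version: reject rather than repair, then re-check the result."""
    if "/" in filename or "\\" in filename or not _SAFE_NAME.match(filename):
        raise ValueError(f"rejected upload filename: {filename!r}")
    candidate = os.path.join(cache_dir, "pipelines", filename)
    # Defence in depth: even a name that passed the allow-list must resolve
    # inside CACHE_DIR (guards against an oddly normalised cache_dir value).
    if escapes_cache_dir(cache_dir, candidate):
        raise ValueError(f"path escapes cache dir: {candidate!r}")
    return candidate


def write_then_delete(path: str, data: bytes) -> str:
    """Mimics a handler that stores the upload, processes it and cleans up.
    Returns the real path that was written and then removed."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    real = os.path.realpath(path)
    os.remove(path)
    return real


def demo() -> dict:
    """Exercise both handlers in a throwaway directory tree so the traversal
    lands inside the temp root rather than in the real filesystem."""
    root = os.path.realpath(tempfile.mkdtemp(prefix="cwe22-demo-"))
    cache_dir = os.path.join(root, "cache")
    os.makedirs(os.path.join(cache_dir, "pipelines"))
    results = {"escapes": {}, "accepted": {}}
    try:
        for name in SAMPLE_FILENAMES:
            results["escapes"][name] = escapes_cache_dir(
                cache_dir, unsafe_cache_path(cache_dir, name))
            try:
                safe_cache_path(cache_dir, name)
                results["accepted"][name] = True
            except ValueError:
                results["accepted"][name] = False
        # Concrete effect of the unsafe join: the "upload" is written and then
        # deleted two levels above CACHE_DIR, i.e. outside the cache entirely.
        written = write_then_delete(
            unsafe_cache_path(cache_dir, "../../outside.txt"), b"payload")
        results["outside_landed_at"] = os.path.relpath(written, root)
    finally:
        shutil.rmtree(root)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The hardened version deliberately rejects any name containing a separator instead of stripping it to a basename, so a client that sends "../../x" gets an error rather than a silently renamed file, and the resolve-and-compare check remains as a second layer in case the allow-list is ever loosened.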

Vulnerable functions

Only Miggo users can see this section

WAF Protection Rules

WAF Rule

In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete
