PT-2025-12202 · Unknown · Open-Webui

Published 2025-03-20 · Updated 2025-03-20 · CVE-2024-8017
CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: open-webui/open-webui versions <= 0.3.8
Description: A cross-site scripting (XSS) vulnerability exists in the function that constructs the HTML for tooltips. Attacker-controlled text reaches the tooltip markup unescaped, so an authenticated attacker (PR:L) can plant script that executes in the browser of any user whose tooltip renders it (UI:R), with that victim's privileges. This includes stealing the victim's chat history, deleting chats, and, if the victim is an admin, escalating the attacker's own account to admin.
Recommendations: For versions <= 0.3.8, update to version 0.3.9, which resolves the issue. As a temporary workaround, restrict access to the tooltip functionality until the update can be applied.
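The pattern behind this class of bug, as an added example that is not open-webui's code and does not reproduce the project's actual tooltip function or its fix: a tooltip builder that interpolates untrusted text straight into HTML, next to a hardened form that escapes each value first, plus a check for whether an installed version falls in the affected range. All function names, the sample payload and the chat-title input are hypothetical and constructed for the demonstration.

```javascript
// Added example (not open-webui's code). Contrasts an unsafe tooltip HTML
// builder with an escaping one and classifies versions against the advisory's
// affected range (<= 0.3.8, fixed in 0.3.9). Names are hypothetical.

// Vulnerable pattern: text another user controls (e.g. a chat or model
// title) is concatenated into markup that the page later renders as HTML,
// so any tag or event handler in it becomes live in the victim's browser.
function buildTooltipHtmlVulnerable(title, body) {
  return `<div class="tooltip"><strong>${title}</strong><p>${body}</p></div>`;
}

// Escapes the five characters that matter in text nodes and quoted
// attribute values; the ampersand must be handled first so that the
// entities introduced afterwards are not re-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Hardened pattern: every untrusted value is escaped before interpolation,
// so markup in the input is displayed as literal text instead of parsed.
function buildTooltipHtmlSafe(title, body) {
  return `<div class="tooltip"><strong>${escapeHtml(title)}</strong><p>${escapeHtml(body)}</p></div>`;
}

// Constructed sample input: a chat title carrying an event-handler payload.
const HOSTILE_TITLE = '<img src=x onerror="alert(document.cookie)">';

// True when the payload's tag survives into the output as real markup.
function containsRawMarkup(html) {
  return /<img\b[^>]*onerror=/i.test(html);
}

// Version triage for the advisory range: 0.x.y with x < 3, or 0.3.y with
// y <= 8, is affected; 0.3.9 and later are not. Throws on malformed input
// rather than silently reporting "not affected".
function isAffectedVersion(version) {
  const parts = version.split(".").map((n) => parseInt(n, 10));
  if (parts.length !== 3 || parts.some(Number.isNaN)) {
    throw new Error(`unparseable version: ${version}`);
  }
  const [major, minor, patch] = parts;
  if (major !== 0) return false;
  if (minor !== 3) return minor < 3;
  return patch <= 8;
}

// Stand-alone demonstration.
console.log("vulnerable:", buildTooltipHtmlVulnerable(HOSTILE_TITLE, "body"));
console.log("hardened:  ", buildTooltipHtmlSafe(HOSTILE_TITLE, "body"));
for (const v of ["0.3.8", "0.3.9", "0.2.0"]) {
  console.log(v, isAffectedVersion(v) ? "affected" : "not affected");
}
```

Escaping at the point where text becomes markup is the minimal fix; in a component framework the equivalent is to bind the value as text rather than through an innerHTML-style directive. The version check is a triage aid only: confirm the running build from the application itself, since packaged deployments do not always carry the upstream version string.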

Links: Exploit · Fix
Tags: XSS


Weakness Enumeration
Related Identifiers: CVE-2024-8017
Affected Products: Open-Webui