Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2024-7039
CVE-2024-7039:
Python vulnerability analysis and mitigation
Overview
In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability identified as CVE-2024-7039. The vulnerability was disclosed on March 20, 2025, and affects the administrative access control mechanisms of the application (NVD).
Technical details
The vulnerability stems from improper privilege management in the API endpoint http://0.0.0.0:8080/api/v1/users/{uuid_administrator}. While the user interface restricts administrative deletion actions, these restrictions can be bypassed through direct API calls. The vulnerability has been assigned a CVSS v3.0 base score of 8.3 (HIGH) with the vector string CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L, indicating a serious security issue (NVD).
Impact
The vulnerability allows an attacker with admin access to delete other administrators through direct API calls, bypassing intended access controls. This could lead to privilege escalation and potential disruption of administrative access management (NVD).
Additional resources
Source: This report was generated using AI
Related Python vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management