Merged

ch #1242

16 changes: 9 additions & 7 deletions docs/security/vendor-dispositions/cve-2024-7040.mdx
Expand Up @@ -8,7 +8,7 @@ title: "CVE-2024-7040"
| | |
| :--- | :--- |
| **CVE ID** | [CVE-2024-7040](https://www.cve.org/CVERecord?id=CVE-2024-7040) |
| **Vendor Disposition** | Rejected — not a vulnerability |
| **Vendor Disposition** | Rejected — out of scope |
| **Published** | 2025-10-15 |
| **Issuing CNA** | huntr.dev |
| **Claimed Severity** | Medium (CVSS 4.9 — CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) |
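Review bot: the disposition label changes to "Rejected — out of scope" while the Published, Issuing CNA and Claimed Severity rows are left as they were, which is consistent with the body's argument (the CVSS vector already encodes PR:H, i.e. the attacker is an administrator). The only follow-up is outside this hunk: no index or summary page is touched in this diff, so if anything else under docs/security/vendor-dispositions/ repeats the old "not a vulnerability" label for CVE-2024-7040, it should be updated in the same commit to avoid drift.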
Expand All @@ -23,22 +23,24 @@ In Open WebUI v0.3.8, an administrator can access the chat history of another ad

---

## Why This Is Not a Vulnerability
## Why This Is Out of Scope

Both the requesting party and the targeted party in this report are **administrators of the same Open WebUI instance**. The cited endpoint is gated by `Depends(get_admin_user)` — only administrators can call it.

### Administrators Share a Trust Boundary

Administrators can install any Tool or Function — which execute arbitrary Python on the server and can read or modify the database directly — and can modify any other user, including other administrators (e.g. resetting passwords). This is expected and intended behavior: administrators are the highest tier of privilege in Open WebUI. They typically also have direct server and database access at the deployment layer.
Administrators can install any Tool or Function — which execute arbitrary Python on the server and can read or modify the database directly — and can modify any other user, including other administrators (e.g. resetting passwords). They typically also have direct server and database access at the deployment layer.

Because administrators already possess these capabilities, cross-administrator read access to chat data does not cross a privilege boundary and is not a breach of confidentiality. The targeted administrator's data is accessible to the requesting administrator through multiple equivalent paths by design.
Because administrators already possess these capabilities, cross-administrator read access to chat data does not cross a privilege boundary in the security sense. The targeted administrator's data is reachable by the requesting administrator through multiple equivalent paths (database access, Tools/Functions, password reset).

This is consistent with the threat model of comparable self-hosted multi-administrator applications (GitLab, Jenkins, Discourse, WordPress multisite): administrators are not isolated from one another, and reports of admin-vs-admin information disclosure are typically classified as out-of-scope or as feature requests, not as vulnerabilities.
We acknowledge that there is a reasonable expectation of privacy between administrators — the frontend UI intentionally hides the chat listing for admin accounts, which reflects a design intent to separate admin-to-admin visibility at the UI layer. However, this UI-level separation does not constitute a security boundary. Enforcing true inter-admin isolation would require fundamental architectural changes (per-admin encryption, segregated data stores, or similar) that go well beyond the scope of a CVE fix. Under our security policy, this is classified as out-of-scope for vulnerability reporting, though we recognize the underlying expectation is not unreasonable.

This is consistent with how comparable self-hosted multi-administrator applications (GitLab, Jenkins, Discourse, WordPress multisite) handle similar reports: administrators are not cryptographically isolated from one another, and reports of admin-vs-admin information disclosure are typically classified as out-of-scope or as feature requests, not as vulnerabilities.

### Applicable Security Policy Rules

- **[Rule 9](/security/security-policy#reporting-guidelines):** "Admins have full system control and are expected to understand the security implications of their actions and configurations." Administrators within the same instance share a single trust boundary.
- **[Rule 7](/security/security-policy#reporting-guidelines):** The report does not acknowledge the project's documented self-hosted, multi-administrator architecture in which administrators share trust.
- **[Rule 9](/security/security-policy#reporting-guidelines):** Admins have full system control and are expected to understand the security implications of their actions and configurations. Administrators within the same instance share a single trust boundary.
- **[Rule 7](/security/security-policy#reporting-guidelines):** The report does not acknowledge the project's self-hosted, multi-administrator architecture in which administrators share trust at the infrastructure level.

---

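Review bot: "administrators are not cryptographically isolated from one another" in the comparison paragraph is the wrong qualifier; the whole argument above it is about privilege isolation (shared database access, arbitrary Python via Tools/Functions, password reset of other admins), and none of the listed comparators are being judged on encryption, so the original "administrators are not isolated from one another" or "are not privilege-isolated" states the point accurately. Two smaller things in the same hunk: the Rule 9 bullet drops the quotation marks around the policy sentence; if that text is quoted verbatim from the linked policy, keep the quotes so readers can locate it. The Rule 7 bullet now says admins "share trust at the infrastructure level", which narrows the claim; the body argues they share trust at the application level too (Tools/Functions, user management), so "at both the application and infrastructure level" matches the reasoning better.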
2 changes: 1 addition & 1 deletion docs/security/vendor-dispositions/cve-2025-15603.mdx
Expand Up @@ -51,7 +51,7 @@ The other two supported startup mechanisms — `start.sh` and `open-webui serve`

### Disclosure Pathway

No report corresponding to this CVE was filed against the project via its published reporting channel (GitHub Security Advisories) prior to publication. The original report was submitted via huntr.com and propagated to VulDB; the maintainers were never contacted and were given no opportunity to triage or respond before publication.
No report corresponding to this CVE was filed through the project's official reporting channel ([GitHub Security Advisories](https://github.com/open-webui/open-webui/security)) prior to publication.

---

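Review bot: the rewritten sentence drops the only record of where this report actually originated (submitted via huntr.com, propagated to VulDB) and keeps only a statement of what did not happen. If the intent is to remove the assertion that the maintainers were never contacted, keep a neutral provenance sentence, e.g. "The report was submitted via huntr.com and propagated to VulDB.", so a reader can still trace the CVE's source. Linking the GitHub Security Advisories page instead of naming it is an improvement and should be kept.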
2 changes: 1 addition & 1 deletion docs/security/vendor-dispositions/cve-2025-29446.mdx
Expand Up @@ -39,7 +39,7 @@ The same pattern (admin-authenticated outbound URL probe to verify a configured

### Disclosure Pathway

No report corresponding to this CVE was filed against the project via its published reporting channel (GitHub Security Advisories) prior to publication. The original report was published as a markdown file in an unrelated third-party GitHub repository and submitted directly to MITRE without vendor coordination.
No report corresponding to this CVE was filed through the project's official reporting channel ([GitHub Security Advisories](https://github.com/open-webui/open-webui/security)) prior to publication.

---

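Review bot: same concern as in cve-2025-15603.mdx: the factual origin of the report (a markdown file in an unrelated third-party GitHub repository, submitted directly to MITRE) is removed along with the "without vendor coordination" judgement. Retaining the factual half ("The report was published in a third-party GitHub repository and submitted directly to MITRE.") costs nothing and is what a reader triaging the CVE record will look for; the judgement can go if that is the goal of the edit.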
2 changes: 1 addition & 1 deletion docs/security/vendor-dispositions/cve-2025-63391.mdx
Expand Up @@ -45,7 +45,7 @@ The CWE-306 ("Missing Authentication for Critical Function") characterization is

### Disclosure Pathway

No report corresponding to this CVE was filed against the project via its published reporting channel prior to publication. The original report was published as a personal GitHub gist of unverified provenance and submitted directly to MITRE without any vendor coordination.
No report corresponding to this CVE was filed through the project's official reporting channel ([GitHub Security Advisories](https://github.com/open-webui/open-webui/security)) prior to publication.

---

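Review bot: this is the third file in the diff to receive the byte-identical Disclosure Pathway sentence (also cve-2025-15603.mdx and cve-2025-29446.mdx). Since these are MDX pages, factor the sentence into a shared snippet or component imported by each disposition page, so the GHSA URL and the wording are maintained in one place rather than three. As with the other two files, the original note that the report was a personal GitHub gist submitted directly to MITRE is lost; consider keeping the factual part (gist, direct MITRE submission) and dropping only "of unverified provenance" if that is the phrase being retired.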