open-webui
cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*
- 0.6.33
A vulnerability in Open-WebUI version 0.6.33 allows authenticated users to cancel tasks initiated by others, including those started by Admin accounts. The issue arises from an unprotected API endpoint that stops tasks without verifying user ownership or permissions. This flaw can disrupt ongoing processes and potentially lead to a broader denial-of-service condition on the application.
Exploitation of this vulnerability causes a denial-of-service effect on specific users by interrupting their tasks. Additionally, if many tasks are canceled rapidly, it can create widespread service disruptions. The vulnerability also allows for the interruption of critical or time-sensitive tasks.
To reproduce this vulnerability, create two user accounts in Open-WebUI: one Admin and one Normal. Have the Admin start a task that generates a server-side LLM response. Then, as the Normal user, access the '/api/tasks' endpoint to retrieve a list of active tasks and their IDs. Identify a task ID belonging to the Admin account. Finally, send a POST request to '/api/tasks/stop/{task_id}' using the Normal user's authorization token to cancel the Admin's task.
To address this vulnerability, implement checks to ensure that only task owners or users with specific privileges can cancel tasks. Additionally, restrict the task listing endpoint to return only tasks owned by the requesting user, unless the requester is an Admin or has broader permissions. It is also recommended to add unit tests for the task cancellation endpoint to verify ownership and permission controls.
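The ownership and role check described above, as an added illustration in plain Python rather than Open WebUI's own code; the in-memory registry, the User and Task classes and the "admin"/"user" role names are assumptions standing in for the application's real models.

```python
from dataclasses import dataclass

# Constructed stand-ins for the application's user and task records (assumption).
@dataclass
class User:
    id: str
    role: str  # "admin" or "user"

@dataclass
class Task:
    id: str
    owner_id: str
    status: str = "running"

class TaskRegistry:
    """Minimal task store modelling the list/stop endpoints from the advisory."""

    def __init__(self) -> None:
        self._tasks: dict[str, Task] = {}

    def start(self, task_id: str, owner: User) -> Task:
        task = Task(task_id, owner.id)
        self._tasks[task_id] = task
        return task

    def list_for(self, requester: User) -> list[Task]:
        # Hardened listing: non-admins only see their own tasks, so other
        # users' task IDs are never disclosed to them in the first place.
        return [t for t in self._tasks.values()
                if requester.role == "admin" or t.owner_id == requester.id]

    def stop_unchecked(self, task_id: str, requester: User) -> Task:
        # Behaviour the advisory describes: any authenticated user can stop
        # any task because ownership is never compared to the requester.
        task = self._tasks[task_id]
        task.status = "cancelled"
        return task

    def stop(self, task_id: str, requester: User) -> Task:
        # Hardened stop: only the owner or an admin may cancel. Unknown IDs
        # are rejected before the ownership check (maps to 404 vs 403).
        task = self._tasks.get(task_id)
        if task is None:
            raise KeyError(task_id)
        if requester.role != "admin" and task.owner_id != requester.id:
            raise PermissionError("requester is neither task owner nor admin")
        task.status = "cancelled"
        return task
```

The accompanying unit test is the check the mitigation asks for: a normal user cannot list or stop the admin's task, while owner and admin cancellations still succeed.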