Open WebUI
cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*
- <= 0.6.36
A Server-Side Request Forgery (SSRF) vulnerability has been identified in Open WebUI versions prior to 0.6.37. This vulnerability allows authenticated users to manipulate the server into making HTTP requests to arbitrary URLs. Exploitation of this flaw could lead to unauthorized access to cloud metadata services (AWS, GCP, Azure), scanning of internal networks, interaction with private services behind firewalls, and exfiltration of sensitive data. The issue arises because the application fails to properly validate URLs before processing them, leaving several attack vectors open.
Exploitation of this vulnerability could result in unauthorized access to cloud metadata, allowing attackers to steal sensitive credentials and potentially compromise entire cloud accounts. Additionally, the vulnerability could be used to access internal networks and services, bypassing firewalls and exposing critical infrastructure and data.
To reproduce this vulnerability, authenticate as a user and send a POST request to the '/api/v1/retrieval/process/web' endpoint with a URL that the server should fetch. The server will retrieve the content from the specified URL, demonstrating the SSRF vulnerability. For more advanced exploitation, URLs pointing to cloud metadata services or internal network addresses can be used to access sensitive information or services.
Users are advised to update to Open WebUI version 0.6.37 or later, where this vulnerability has been fixed.
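The root cause stated above is missing URL validation before a server-side fetch. The following is an added defensive example, not Open WebUI's code or the 0.6.37 fix, of the check a fetch endpoint of this kind needs: restrict the scheme, reject embedded credentials, resolve the host, and refuse any address that is not globally routable (loopback, RFC 1918, link-local including the 169.254.169.254 metadata address, IPv4-mapped IPv6 forms). The `FAKE_DNS` table and the sample addresses in it are constructed so the example runs offline; `default_resolver` is what a real deployment would use.

```python
import ipaddress
import socket
from typing import Callable, Union
from urllib.parse import urlsplit

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed stand-in for DNS so the example runs offline. Hostnames and
# answers are invented; 93.184.216.34 is just an arbitrary public address.
FAKE_DNS = {
    "docs.example.com": ["93.184.216.34"],              # ordinary public host
    "metadata.internal.example": ["169.254.169.254"],   # resolves to link-local metadata address
    "rebind.example": ["93.184.216.34", "10.0.0.5"],    # mixed public + private answers
}

ALLOWED_SCHEMES = {"http", "https"}


def default_resolver(host: str) -> list[str]:
    """Resolve a hostname to all of its A/AAAA records via the system resolver."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def fake_resolver(host: str) -> list[str]:
    """Offline resolver backed by the constructed FAKE_DNS table."""
    try:
        return FAKE_DNS[host]
    except KeyError:
        raise socket.gaierror(f"constructed resolver: unknown host {host}")


def is_public_address(ip: IPAddress) -> bool:
    """True only for globally routable unicast addresses.

    is_global already excludes loopback, RFC 1918, link-local (169.254/16),
    CGNAT (100.64/10), IPv6 ULA/link-local and the documentation ranges.
    IPv4-mapped IPv6 is unwrapped first so ::ffff:169.254.169.254 cannot slip
    past as a "foreign" IPv6 address, and multicast is excluded explicitly.
    """
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def validate_fetch_url(url: str, resolver: Callable[[str], list[str]] = default_resolver) -> list[str]:
    """Validate a user-supplied URL before the server fetches it.

    Returns the resolved addresses the caller should pin when connecting
    (re-resolving at connect time reopens a DNS-rebinding window).
    Raises ValueError for any input that must not be fetched.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("URL has no host")
    if parts.username is not None or parts.password is not None:
        # user:pass@host has no legitimate use here and confuses naive parsers
        raise ValueError("credentials in URL are not allowed")

    host = parts.hostname
    try:
        # A literal IPv4/IPv6 host needs no DNS lookup
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:
        try:
            addresses = resolver(host)
        except socket.gaierror as exc:
            raise ValueError(f"cannot resolve {host!r}: {exc}") from exc
    if not addresses:
        raise ValueError(f"no addresses for {host!r}")

    # Every answer must be public: the HTTP client may connect to any of them,
    # so a single private record is enough to reject the whole URL.
    for addr in addresses:
        if not is_public_address(ipaddress.ip_address(addr)):
            raise ValueError(f"{host!r} resolves to non-public address {addr}")
    return addresses


def is_rejected(url: str, resolver: Callable[[str], list[str]] = default_resolver) -> bool:
    """Yes/no wrapper around validate_fetch_url for call sites and tests."""
    try:
        validate_fetch_url(url, resolver)
        return False
    except ValueError:
        return True
```

Two points matter beyond the check itself: the validated addresses should be what the client actually connects to, since a second lookup at connect time lets a short-TTL record change between check and use, and every redirect target must pass the same validation before it is followed, otherwise a public URL that 302s to an internal address bypasses the whole filter.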