Open WebUI Information Disclosure Vulnerability via Unsanitized Filename in Speech-to-Text Transcription Endpoint

Vulnerability

A path traversal vulnerability has been identified in Open WebUI versions prior to 0.8.6. An unsanitized filename field in the speech-to-text transcription endpoint allows authenticated non-admin users to trigger a FileNotFoundError. The error message returned in the HTTP 400 response body includes the server's absolute DATA_DIR path, leading to unauthorized information disclosure on default deployments. The vulnerability arises because the filename is used to construct a file path without first being sanitized, so traversal sequences in the filename reach the filesystem lookup and the resulting exception text is echoed back to the client.

Impact

Exploiting this vulnerability discloses the server's absolute DATA_DIR filesystem path to an authenticated user, which reveals the server's directory layout and could aid further attacks.

Reproduction

To reproduce this vulnerability, upload a file through the speech-to-text transcription endpoint using a multipart form-data request. The filename should be crafted to include path traversal sequences, such as 'audio./etc/passwd'. The server will respond with a 400 status code and an error message containing the full absolute path of the traversed file, thereby disclosing sensitive filesystem information.
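As an added illustration of the two controls that close this class of bug (this is example code, not Open WebUI's own; DATA_DIR here is a constructed temporary directory and every function name is an assumption), the handler below reduces the client-supplied filename to a safe basename confined under the data directory, and returns a generic 400 body so that a FileNotFoundError can never echo the absolute DATA_DIR path to the client.

```python
import re
import tempfile
from pathlib import Path

# Constructed sandbox standing in for the real DATA_DIR (assumption).
DATA_DIR = Path(tempfile.mkdtemp(prefix="example_data_dir_")).resolve()
UPLOAD_DIR = DATA_DIR / "uploads"

_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")


def sanitize_filename(name: str) -> str:
    """Reduce a client-supplied filename to a single safe path component."""
    # Keep only the last component, whichever separator the client used.
    base = name.replace("\\", "/").split("/")[-1]
    base = _UNSAFE.sub("_", base)
    # Reject empty names, dot-names and hidden files outright.
    if base in ("", ".", "..") or base.startswith("."):
        raise ValueError("invalid filename")
    return base


def safe_upload_path(name: str) -> Path:
    """Build the storage path and prove it still lies under UPLOAD_DIR."""
    path = (UPLOAD_DIR / sanitize_filename(name)).resolve()
    # Defence in depth: a resolved path outside the upload dir is rejected
    # even if sanitization were ever weakened.
    if UPLOAD_DIR not in path.parents:
        raise ValueError("invalid filename")
    return path


def handle_transcription_upload(name: str, data: bytes) -> tuple[int, dict]:
    """Return (status, body) as an HTTP handler would; body never holds a path."""
    try:
        path = safe_upload_path(name)
    except ValueError:
        return 400, {"detail": "Invalid filename"}
    try:
        UPLOAD_DIR.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
        with open(path, "rb") as f:
            f.read()  # stand-in for handing the file to the transcriber
    except OSError:
        # Returning str(exc) here is what leaks the absolute path; log it
        # server-side instead and send only a generic message.
        return 400, {"detail": "Could not process uploaded file"}
    return 200, {"filename": path.name}
```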

Remediation

Users are advised to update to Open WebUI version 0.8.6 or later, where this vulnerability has been patched.

Added: Mar 27, 2026, 12:23 AM
Updated: Mar 27, 2026, 12:23 AM

Vulnerability Rating (Custom Algorithm)

  spread           0.0
  impact           0.6
  exploitability   4.6
  remediation      7.7
  relevance        4.8
  threat           6.4
  urgency          2.9
  incentive        0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.