Open WebUI Insecure Direct Object Reference Vulnerability Allowing Unauthorized Access to Private Memories and Files

Vulnerability

An insecure direct object reference (IDOR) vulnerability has been identified in Open WebUI versions prior to 0.8.6. It allows any authenticated user to access the private memories and files of other users, including administrators. The issue arises from missing authorization checks in the collection querying API: because collection names follow a predictable pattern, a user can name another user's collection directly and retrieve its contents.

Impact

Exploitation of this vulnerability leads to unauthorized access to private documents and memories of other users, including admins. This includes full content and metadata of files, as well as personal memories used for AI personalization, directly contradicting the application's documentation.

Reproduction

To reproduce this vulnerability, first register two users: an admin and an attacker. As the admin, upload a PDF document and enable the Memory feature, adding some personal memories. Then, as the attacker, use the API to search for users and obtain the admin's UUID. With this information, query the admin's private memory collection or files using the vulnerable API endpoint, successfully retrieving the sensitive data.

Remediation

The vulnerability can be addressed by adding ownership validation in the collection querying handler to ensure users can only access their own memories and files. Additionally, the user search API should be restricted to admin-only access or limited to non-privileged fields.
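The ownership check described above, as an added example written for this advisory rather than Open WebUI's own code. It assumes two collection-name patterns (a per-user memory collection named after the user's UUID and a per-file collection named after the file id) and a file table that records each file's owner; unknown collection names are denied so the check fails closed.

```python
# Added example (not Open WebUI's code): ownership validation for a
# collection-query handler. Name patterns and the file table are assumed.
import re
from dataclasses import dataclass

UUID = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
MEMORY_COLLECTION_RE = re.compile(rf"^user-memory-(?P<user_id>{UUID})$")
FILE_COLLECTION_RE = re.compile(rf"^file-(?P<file_id>{UUID})$")


@dataclass(frozen=True)
class FileRecord:
    id: str
    user_id: str  # owner of the uploaded file


# Constructed sample data: two users and one file owned by the first.
ADMIN_ID = "11111111-1111-4111-8111-111111111111"
OTHER_ID = "22222222-2222-4222-8222-222222222222"
FILE_ID = "33333333-3333-4333-8333-333333333333"
FILES = {FILE_ID: FileRecord(id=FILE_ID, user_id=ADMIN_ID)}


class Forbidden(Exception):
    """Raised when a requester asks for a collection they do not own."""


def collection_owner(name, files=FILES):
    """Return the user id that owns a collection, or None if unresolvable."""
    m = MEMORY_COLLECTION_RE.match(name)
    if m:
        return m["user_id"]  # memory collections embed their owner's id
    m = FILE_COLLECTION_RE.match(name)
    if m:
        rec = files.get(m["file_id"])
        return rec.user_id if rec else None  # unknown file -> no owner
    return None  # unrecognised pattern: deny rather than guess


def is_query_allowed(requester_id, collection_names, files=FILES):
    """True only if every requested collection belongs to the requester."""
    return all(collection_owner(n, files) == requester_id
               for n in collection_names)


def authorize_collection_query(requester_id, collection_names, files=FILES):
    """Gate to call before the vector-store query; raises on any foreign name."""
    for name in collection_names:
        if collection_owner(name, files) != requester_id:
            raise Forbidden(f"user {requester_id} may not query {name}")
    return list(collection_names)
```

The memory-collection rule is resolved from the name alone; the file rule needs a database lookup, which is why a name-pattern check by itself is not enough.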

Added: Mar 27, 2026, 12:21 AM
Updated: Mar 27, 2026, 12:21 AM

Vulnerability Rating (Custom Algorithm)

spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 7.7
relevance: 4.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.