open-webui
cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*
- <= 0.7.2
A blind server-side request forgery (SSRF) vulnerability has been identified in Open WebUI versions through 0.7.2. The issue arises in the image editing functionality, where user-provided URLs are accepted and requested without any domain or address restrictions. This allows the server to be made to interact with the local address space. Although the SSRF is blind and the response body cannot be read, it can be exploited to perform port scanning on the local network: by automating the sending of GET requests and observing whether each request succeeds or fails, an attacker can identify open ports. If the service running on an open port can be inferred, it may be possible to interact with it, especially if the service exposes state-changing GET endpoints.
Exploitation of this vulnerability allows blind server-side request forgery, with the primary impact being unauthorized port scanning of the local network. This could potentially lead to interaction with services on open ports, depending on the nature of those services.
The vulnerability can be reproduced by sending a POST request to the '/api/v1/images/edit' endpoint with an authorization token and a JSON payload that includes a user-provided URL. The server will then perform a GET request to the specified URL, including any local addresses, without any restrictions. This blind SSRF can be automated to scan local ports and identify open services.
Users are advised to update to a version of Open WebUI that addresses this vulnerability by restricting user-provided URLs from accessing the local address space.
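The fix the advisory describes is to refuse user-provided URLs that point into the local address space before the server fetches them. The following is an added example of such a check, written here to illustrate the mitigation; it is not Open WebUI's own code and does not reflect how the project implemented its fix. It assumes a hypothetical `validate_fetch_url` helper called before the image fetch, resolves the hostname so that DNS names mapping to internal addresses are caught as well as literal IPs, and uses a constructed fake resolver (`FAKE_DNS`) so it runs offline.

```python
"""Deny-list check for user-supplied fetch URLs, resolving hostnames before use.

Added example (not Open WebUI project code). The resolver is injectable so the
check can be exercised offline against the constructed FAKE_DNS table below.
"""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def _is_internal(ip_text: str) -> bool:
    """True if the address is loopback, private, link-local or otherwise non-global."""
    addr = ipaddress.ip_address(ip_text.split("%", 1)[0])  # drop any IPv6 zone id
    # IPv4-mapped IPv6 (::ffff:a.b.c.d) must be judged as the embedded IPv4 address,
    # otherwise ::ffff:127.0.0.1 slips past a check that only looks at IPv4 ranges.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def validate_fetch_url(url: str, resolver=socket.getaddrinfo) -> set[str]:
    """Return the set of addresses the URL's host maps to, or raise ValueError.

    Rejects non-HTTP(S) schemes, hostless URLs, unresolvable names, and any host
    for which at least one resolved address lies in internal address space.
    The returned addresses let the caller connect to a vetted IP instead of
    resolving the name a second time at fetch time.
    """
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parsed.scheme!r}")
    host = parsed.hostname  # urlparse strips the brackets from IPv6 literals
    if not host:
        raise ValueError("URL has no host")
    try:
        addresses = {str(ipaddress.ip_address(host))}  # host is an IP literal
    except ValueError:
        try:
            infos = resolver(host, None)
        except socket.gaierror as exc:
            raise ValueError(f"cannot resolve {host!r}") from exc
        addresses = {info[4][0] for info in infos}
    if not addresses:
        raise ValueError(f"no addresses for {host!r}")
    internal = sorted(a for a in addresses if _is_internal(a))
    if internal:
        raise ValueError(f"{host!r} resolves to internal address(es): {internal}")
    return addresses


def is_safe_fetch_url(url: str, resolver=socket.getaddrinfo) -> bool:
    """Boolean wrapper around validate_fetch_url for callers that just need a verdict."""
    try:
        validate_fetch_url(url, resolver=resolver)
    except ValueError:
        return False
    return True


# Constructed DNS table for offline demonstration; the public address is arbitrary.
FAKE_DNS = {
    "cdn.example.test": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "internal.example.test": ["10.0.0.5"],
    "mixed.example.test": ["93.184.216.34", "127.0.0.1"],  # one public, one loopback
    "v6map.example.test": ["::ffff:169.254.169.254"],       # IPv4-mapped link-local
}


def fake_resolver(host, port):
    """Mimics socket.getaddrinfo's return shape for names in FAKE_DNS."""
    try:
        ips = FAKE_DNS[host]
    except KeyError:
        raise socket.gaierror(-2, "Name or service not known")
    return [(socket.AF_INET6 if ":" in ip else socket.AF_INET,
             socket.SOCK_STREAM, 6, "", (ip, 0)) for ip in ips]


if __name__ == "__main__":
    for candidate in ["https://cdn.example.test/a.png", "http://127.0.0.1:8080/",
                      "http://[::1]/", "http://mixed.example.test/", "file:///etc/hosts"]:
        print(f"{candidate:40s} safe={is_safe_fetch_url(candidate, resolver=fake_resolver)}")
```

The check rejects a hostname if any of its resolved addresses is internal, not just the first, because a resolver may return several records and the HTTP client will pick among them. Resolving once and then connecting to a returned address (rather than passing the hostname to the HTTP client, which resolves again) closes the window in which a name could be re-pointed between the check and the fetch. Restricting the scheme to HTTP(S) also stops the fetch from being redirected into other URL handlers the client library may support.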