Open WebUI Channel Access Grants Bypass Vulnerability

Vulnerability

A vulnerability exists in Open WebUI versions prior to 0.9.0, allowing non-admin users to bypass access control mechanisms when creating or updating group channels. The channel router fails to invoke the necessary access grant filtering, enabling users to submit arbitrary access grants, including public wildcard permissions, which are then stored without restriction. This oversight allows regular users to make channels publicly accessible, undermining admin-configured sharing policies.

Impact

This vulnerability allows regular users to circumvent admin-imposed restrictions on public channel sharing, effectively making channels accessible to all users on the instance. Additionally, it enables users to grant individual access rights in environments where only group-based sharing is permitted, thereby rendering the admin's permission framework ineffective. This issue also creates a disparity with other resource types in the application, complicating the overall security management.

Reproduction

To reproduce this vulnerability, an admin must set permissions to restrict regular users from sharing channels publicly. A regular user can then create or update a group channel by submitting a request that includes a public wildcard access grant. The channel will be saved with the granted permissions, making it accessible to all users, in direct violation of the admin's sharing policy.
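The missing step described above is a server-side filter between the submitted grants and the store. The following is an added illustration, not Open WebUI's own code: the grant model, the policy object and the two router functions are hypothetical, and it contrasts the unfiltered storage pattern with a version that fails closed on any grant the admin policy does not allow.

```python
from dataclasses import dataclass
from typing import Iterable

# Hypothetical data model (not Open WebUI's actual schema): a grant names a
# principal ("user", "group" or "public") and a permission level. A "public"
# grant with principal_id "*" is the wildcard that opens the channel to every
# user on the instance.
@dataclass(frozen=True)
class AccessGrant:
    principal_type: str
    principal_id: str
    permission: str  # "read" or "write"

@dataclass(frozen=True)
class SharingPolicy:
    """Admin-configured sharing policy for the channel resource type."""
    allow_public: bool = False
    allow_user_grants: bool = False
    allow_group_grants: bool = True

class AccessGrantRejected(PermissionError):
    """Raised when a submitted grant exceeds what the policy permits."""

def filter_access_grants(grants: Iterable[AccessGrant], policy: SharingPolicy,
                         is_admin: bool) -> list[AccessGrant]:
    """Check that every create/update path must run before persisting.

    Admins keep their full rights; for everyone else each grant is compared
    against the policy and the whole request is rejected on the first grant
    the policy does not allow (fail closed, rather than silently dropping it).
    """
    grants = list(grants)
    if is_admin:
        return grants
    allowed = {
        "public": policy.allow_public,
        "user": policy.allow_user_grants,
        "group": policy.allow_group_grants,
    }
    for g in grants:
        if not allowed.get(g.principal_type, False):  # unknown types rejected
            raise AccessGrantRejected(
                f"{g.principal_type} grant '{g.principal_id}' not permitted")
    return grants

def create_channel_vulnerable(name, grants, policy, is_admin):
    """Pattern the advisory describes: grants stored exactly as submitted."""
    return {"name": name, "access_grants": list(grants)}

def create_channel_fixed(name, grants, policy, is_admin):
    """Hardened router: the filter runs before anything is stored."""
    return {"name": name,
            "access_grants": filter_access_grants(grants, policy, is_admin)}
```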

Remediation

Users are advised to update Open WebUI to version 0.9.0 or later, where this vulnerability has been addressed.

Added: May 15, 2026, 8:42 PM
Updated: May 15, 2026, 8:42 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 3.6
remediation: 7.7
relevance: 8.4
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.