Open WebUI Arbitrary File Upload Vulnerability Allowing Path Traversal

Vulnerability

A path traversal vulnerability allowing arbitrary file upload has been identified in Open WebUI versions prior to 0.1.124. When files are attached to a prompt through the web interface, the file names are taken from the original HTTP upload request without any validation or sanitization. This oversight enables users to upload files with names that include dot-segments, allowing them to traverse out of the designated uploads directory. As a result, files can be uploaded to any location on the filesystem where the user running the web server has permissions.

Impact

Exploitation of this vulnerability could lead to unauthorized file writes at arbitrary locations on the server, potentially allowing the execution of malicious code or the manipulation of server files. According to the vulnerability disclosure, this could be used to upload harmful models that, when deserialized, execute arbitrary Python bytecode. Alternatively, an attacker could write to the SSH 'authorized_keys' file of the account running the web server to gain remote access to the machine.

Reproduction

To reproduce this vulnerability, upload a file through the Open WebUI HTTP interface by attaching it to a prompt. The file name can be crafted to include dot-segments that traverse out of the intended upload directory. Once uploaded, the file will appear in the specified location on the server's filesystem, demonstrating the path traversal exploit.

Remediation

Users are advised to update Open WebUI to version 0.1.124 or later, where this vulnerability has been fixed.
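The following Python example, added here and not taken from Open WebUI or from the 0.1.124 fix, contrasts the vulnerable pattern described above (joining the client-supplied name straight onto the uploads directory) with a hardened version that validates the name as a single path component and re-checks containment on the resolved path. The upload directory is a constructed value for the example.

```python
import os
import re
from pathlib import Path

# Constructed location for this example; the advisory does not state
# Open WebUI's real upload directory.
UPLOAD_DIR = Path("/srv/open-webui/uploads")

# Strict allow-list for one path component: no '/' or '\', no NUL,
# no leading dot (so '.' and '..' are excluded), bounded length.
# Widen it deliberately if non-ASCII file names must be accepted.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


def naive_upload_path(client_name: str, upload_dir: Path = UPLOAD_DIR) -> Path:
    """The vulnerable pattern: the name from the upload request is joined as-is.

    Dot-segments (or an absolute name) make the result land outside upload_dir.
    """
    return Path(os.path.join(upload_dir, client_name)).resolve()


def sanitize_filename(client_name: str) -> str:
    """Accept only a plain file name; reject rather than repair anything else."""
    if not _SAFE_NAME.match(client_name):
        raise ValueError(f"rejected filename: {client_name!r}")
    return client_name


def safe_upload_path(client_name: str, upload_dir: Path = UPLOAD_DIR) -> Path:
    """Return the on-disk path for an upload, guaranteed to sit inside upload_dir.

    Containment is re-checked on resolved (absolute, symlink-free) paths so a
    sanitizer bug or a symlink planted in the directory cannot redirect the write.
    """
    root = upload_dir.resolve()
    target = (root / sanitize_filename(client_name)).resolve()
    if target.parent != root:
        raise ValueError(f"path escapes upload directory: {target}")
    return target


def is_contained(client_name: str, upload_dir: Path = UPLOAD_DIR) -> bool:
    """True if the hardened path builder accepts the name, False if it rejects it."""
    try:
        safe_upload_path(client_name, upload_dir)
        return True
    except ValueError:
        return False
```

A server that already accepts arbitrary names can add the `safe_upload_path` check at the point where the upload is written; the containment check on resolved paths is the part that holds even if the allow-list is later relaxed.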

Added: May 15, 2026, 10:38 PM
Updated: May 15, 2026, 10:38 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.2
exploitability: 4.6
remediation: 7.7
relevance: 8.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.