Open WebUI Message Management IDOR Vulnerability Allowing Unauthorized Message Modification or Deletion

Vulnerability

An insecure direct object reference (IDOR) vulnerability allowing modification and deletion of messages has been identified in Open WebUI versions prior to 0.6.19. The issue lies in the channel message management system: any authenticated user can alter or remove any message in a channel they are able to read. The message update and delete API endpoints enforce channel-level authorization but do not validate message ownership. The frontend correctly shows edit and delete options only to the message owner or an admin, but the backend APIs check only channel access, so a user who calls the endpoints directly can manipulate other users' messages. This undermines message integrity and audit trails in collaborative environments.

Impact

Exploitation of this vulnerability allows users to modify or delete messages belonging to others within shared channels, bypassing the intended ownership controls. This not only alters or destroys the original content but also compromises the integrity of conversation records.

Reproduction

To reproduce this vulnerability, deploy Open WebUI with channels enabled. Have User A create a channel and grant User B read access, then have User A post a message in the channel. User B, who can observe the message ID through the frontend, sends requests directly to the message update or delete endpoints with their own authorization token, bypassing the frontend's controls. The message is modified or deleted even though User B has only read permission on the channel.

Remediation

To address this vulnerability, add message ownership validation to the update and delete API endpoints. The backend must verify that the requesting user is the message owner or an admin before applying any change, rather than relying on the frontend to hide the controls, and the permission check should be aligned with the access control model used in other parts of the application.
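The following is an added illustration of the vulnerable pattern beside the hardened one; it is not Open WebUI's code, and the `User`, `Channel`, `Message` types and function names are hypothetical stand-ins for the application's own models and endpoint handlers. The hardened check also verifies that the message belongs to the channel named in the request.

```python
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Raised when an authorization check fails (an endpoint would return 403)."""

@dataclass
class User:                      # hypothetical model, not Open WebUI's
    id: str
    role: str = "user"           # "user" or "admin"

@dataclass
class Channel:                   # hypothetical model, not Open WebUI's
    id: str
    readers: set = field(default_factory=set)   # user ids with read access

@dataclass
class Message:                   # hypothetical model, not Open WebUI's
    id: str
    channel_id: str
    user_id: str                 # author of the message
    content: str

def can_read_channel(user: User, channel: Channel) -> bool:
    return user.role == "admin" or user.id in channel.readers

# Vulnerable pattern: the only check before a write is channel access,
# so any reader of the channel can rewrite (or remove) anyone's message.
def update_message_vulnerable(user: User, channel: Channel, msg: Message, new: str) -> Message:
    if not can_read_channel(user, channel):
        raise Forbidden("no access to channel")
    msg.content = new
    return msg

# Hardened pattern: channel access, message-to-channel binding, and
# ownership (or admin role) are all required before the write is applied.
def can_modify_message(user: User, channel: Channel, msg: Message) -> bool:
    if not can_read_channel(user, channel):
        return False
    if msg.channel_id != channel.id:      # reject a message id taken from another channel
        return False
    return user.role == "admin" or msg.user_id == user.id

def update_message_fixed(user: User, channel: Channel, msg: Message, new: str) -> Message:
    if not can_modify_message(user, channel, msg):
        raise Forbidden("only the message owner or an admin may modify it")
    msg.content = new
    return msg
```

The delete endpoint is gated with the same `can_modify_message` check before the row is removed.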

Added: May 15, 2026, 10:36 PM
Updated: May 15, 2026, 10:36 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.6
remediation: 7.7
relevance: 8.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.