Open WebUI Note Pinning Vulnerability Allows Unauthorized State Modification

Vulnerability

A vulnerability in Open WebUI versions prior to 0.9.3 allows users with read-only access to shared notes to pin or unpin them. The issue arises because the POST /api/v1/notes/{id}/pin endpoint, which modifies the is_pinned status, only verifies read permissions. This flaw enables unauthorized users to alter note states without the required write permissions. In contrast, all other write-related endpoints properly enforce permission checks.

Impact

Exploitation of this vulnerability allows a user with only read access to a shared note to change its pin status without authorization, even though pinning is a write operation. The change is visible to the note's owner and to every other user with access to the note, so for the pinning action the user's effective privilege is escalated from read to write.

Reproduction

To reproduce this vulnerability, first, ensure that notes sharing is enabled. UserA should create a note and share it with UserB, granting read permission. UserB can then read the note, which will return a 200 OK response but indicate no write access. Attempting to use a write operation, such as updating the note, will correctly result in a 403 Forbidden response. However, UserB can exploit the vulnerability by pinning the note, which will be accepted despite the lack of write permission. This can be repeated to toggle the pin status back and forth.
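The following is an added example, not Open WebUI's code, that models the permission logic the advisory describes: a note shared with read-only access, a read handler that succeeds, an update handler that correctly refuses, and the pin handler in its vulnerable form (gated on read) beside the corrected form (gated on write). The names Note, AccessLevel, PermissionDenied, pin_note_vulnerable and pin_note_fixed are hypothetical, and the pin endpoint is assumed to toggle is_pinned; it runs offline with a constructed note.

```python
# Added example (not Open WebUI's code). Hypothetical in-memory model of
# per-note sharing used to show why a state-changing "pin" endpoint must be
# gated on write access, exactly like update.
from dataclasses import dataclass, field
from enum import IntEnum


class AccessLevel(IntEnum):
    NONE = 0
    READ = 1
    WRITE = 2


class PermissionDenied(Exception):
    """Stands in for an HTTP 403 Forbidden response."""
    status_code = 403


@dataclass
class Note:
    note_id: str
    owner_id: str
    content: str
    is_pinned: bool = False
    # user_id -> AccessLevel granted through sharing (constructed model)
    shares: dict = field(default_factory=dict)


def access_level(user_id: str, note: Note) -> AccessLevel:
    """The owner has full rights; shared users get the level they were granted."""
    if user_id == note.owner_id:
        return AccessLevel.WRITE
    return note.shares.get(user_id, AccessLevel.NONE)


def require(user_id: str, note: Note, level: AccessLevel) -> None:
    """Single permission gate every handler goes through."""
    if access_level(user_id, note) < level:
        raise PermissionDenied(f"user {user_id} lacks {level.name} on {note.note_id}")


def read_note(user_id: str, note: Note) -> dict:
    require(user_id, note, AccessLevel.READ)
    return {
        "content": note.content,
        "is_pinned": note.is_pinned,
        "write_access": access_level(user_id, note) >= AccessLevel.WRITE,
    }


def update_note(user_id: str, note: Note, content: str) -> Note:
    require(user_id, note, AccessLevel.WRITE)  # correct: a write is gated on WRITE
    note.content = content
    return note


def pin_note_vulnerable(user_id: str, note: Note) -> bool:
    # Defect modelled on the advisory: the handler mutates is_pinned but only
    # checks READ, so a read-only sharee can flip the flag.
    require(user_id, note, AccessLevel.READ)
    note.is_pinned = not note.is_pinned  # assumed toggle semantics
    return note.is_pinned


def pin_note_fixed(user_id: str, note: Note) -> bool:
    # Pinning changes note state visible to everyone, so gate it on WRITE.
    require(user_id, note, AccessLevel.WRITE)
    note.is_pinned = not note.is_pinned
    return note.is_pinned


def forbidden(fn, *args) -> bool:
    """True if the handler rejects the call with PermissionDenied (a 403)."""
    try:
        fn(*args)
    except PermissionDenied:
        return True
    return False


def demo() -> dict:
    """Walks the advisory's reproduction steps against a constructed note."""
    note = Note("n1", "userA", "hello", shares={"userB": AccessLevel.READ})
    return {
        "read_ok_no_write": read_note("userB", note)["write_access"] is False,
        "update_forbidden": forbidden(update_note, "userB", note, "edited"),
        "vuln_pin_allowed": not forbidden(pin_note_vulnerable, "userB", note),
        "fixed_pin_forbidden": forbidden(pin_note_fixed, "userB", note),
    }


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

The single `require` gate is the design point: once every state-changing handler names the level it needs, a review can check each mutation against its gate, and the pin handler stands out as the one write gated on READ.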

Remediation

Users can update to Open WebUI version 0.9.3 or later, where this vulnerability is fixed.

Added: May 15, 2026, 10:29 PM
Updated: May 15, 2026, 10:29 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.6
remediation: 7.7
relevance: 8.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.