Open WebUI SSRF Vulnerability via IPv6 Address Validation Bypass

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Open WebUI versions prior to 0.9.0. The issue arises in the 'validate_url()' function, where the 'validators' library's IPv6 validation does not correctly handle private addresses, so every IPv6 address passes validation. Additionally, IPv4-mapped IPv6 addresses (the '::ffff:a.b.c.d' form) bypass the IPv4 checks, and several reserved IPv4 ranges are not blocked at all. As a result, authenticated users can reach internal services or cloud metadata endpoints from the server, which could lead to credential exfiltration.

Impact

Exploitation of this vulnerability allows authenticated users to make the server process send requests to internal IPv4 and IPv6 addresses, potentially reaching cloud metadata services or other internal APIs.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/api/v1/retrieval/process/web' endpoint with an IPv4-mapped IPv6 address that points to an internal service, such as the AWS Instance Metadata Service. The 'validate_url()' function incorrectly accepts the address, so the request is processed and the metadata is returned to the user.
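The checks whose absence the two preceding sections describe, written out as an added example that is not Open WebUI's own code: an outbound-URL validator that unwraps IPv4-mapped IPv6 literals before testing them, refuses every non-global range via the standard library's 'ipaddress' module instead of a hand-maintained list, and requires every DNS answer for a hostname to be public. It goes slightly beyond the advisory by also unwrapping 6to4 ('2002::/16') literals, which embed an IPv4 address the same way. The function name 'validate_url', its signature, the injectable 'resolver' parameter and the sample URLs are this example's assumptions, not the project's API.

```python
"""Hardened outbound-URL validator (added example; not Open WebUI's code).

Demonstrates the checks the advisory says were missing:
  * IPv4-mapped (::ffff:a.b.c.d) and 6to4 (2002::/16) IPv6 literals are
    unwrapped so the embedded IPv4 target is what gets tested.
  * Every non-global range is refused via the stdlib `ipaddress` module
    rather than a hand-written list of private networks.
  * Hostnames are resolved and *all* answers must pass; the resolver is
    injectable so the check can run offline in tests.
"""
import ipaddress
import socket
from typing import Callable, Iterable, List, Union
from urllib.parse import urlsplit

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
Resolver = Callable[[str], Iterable[str]]

ALLOWED_SCHEMES = {"http", "https"}


def unwrap_embedded_ipv4(ip: IPAddress) -> IPAddress:
    """Return the IPv4 address embedded in an IPv6 literal, if there is one.

    ::ffff:169.254.169.254 and 2002:a9fe:a9fe:: both carry 169.254.169.254;
    testing the IPv6 wrapper instead of the payload is exactly the bypass.
    """
    if isinstance(ip, ipaddress.IPv6Address):
        for embedded in (ip.ipv4_mapped, ip.sixtofour):
            if embedded is not None:
                return embedded
    return ip


def is_public_ip(ip: IPAddress) -> bool:
    """True only for globally routable unicast addresses.

    `is_global` already excludes loopback, link-local (169.254/16, fe80::/10),
    RFC 1918, ULA, documentation nets, 0.0.0.0/8, 240/4 and the shared CGNAT
    block 100.64/10; multicast and reserved space are excluded explicitly.
    """
    ip = unwrap_embedded_ipv4(ip)
    return ip.is_global and not (ip.is_multicast or ip.is_reserved)


def system_resolver(host: str) -> List[str]:
    """Default resolver: every A/AAAA answer for the host (needs network)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_url(url: str, resolver: Resolver = system_resolver) -> bool:
    """Return True only if every address the URL can reach is public."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # strips the [] around IPv6 literals
    except ValueError:
        return False
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return False
    try:
        targets = [ipaddress.ip_address(host)]
    except ValueError:
        # Not a literal: resolve it, and require *all* answers to be public so
        # a name with one public and one internal record cannot slip through.
        try:
            targets = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError):
            return False
    return bool(targets) and all(is_public_ip(t) for t in targets)


if __name__ == "__main__":
    # Constructed offline resolver: answers nothing, so only literals are judged.
    no_dns = lambda host: []  # noqa: E731
    for candidate in (
        "http://[::ffff:169.254.169.254]/latest/meta-data/",  # mapped form
        "http://169.254.169.254/latest/meta-data/",           # plain IPv4
        "http://[2002:a9fe:a9fe::]/",                         # 6to4 form
        "http://100.64.1.1/",                                 # CGNAT block
        "http://[2606:4700::1111]/",                          # public IPv6
    ):
        verdict = "allow" if validate_url(candidate, no_dns) else "block"
        print(f"{candidate:55} -> {verdict}")
```

Checking 'is_global' on the unwrapped address is what makes the check version-independent: whether a given Python release treats '::ffff:0:0/96' or '2002::/16' as private varies, but the embedded IPv4 address is classified the same way everywhere. Re-resolving at request time rather than trusting the validation-time answer is still needed against DNS rebinding, which this function does not address on its own.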

Remediation

Users are advised to update Open WebUI to version 0.9.0 or later, where this vulnerability has been fixed.

Added: May 15, 2026, 8:23 PM
Updated: May 15, 2026, 8:23 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.4
exploitability: 4.0
remediation: 7.7
relevance: 8.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.