Open WebUI Blind Server-Side Request Forgery Vulnerability in PDF Generation Function

Vulnerability

A blind server-side request forgery (SSRF) vulnerability has been identified in Open WebUI versions prior to 0.5.11. The issue arises in the PDF export feature, where user input is processed as HTML and embedded into the PDF. While scripts and certain potentially harmful tags, such as iframes and objects, are blocked, an image tag is not, so its source URL can be used to make the server issue a request. The issue has been fixed in version 0.5.11.

Impact

Exploitation of this vulnerability allows users to make the server send GET requests. Because the responses could not be read during testing, this is classified as a blind SSRF. Such vulnerabilities can still be problematic: they may allow internal asset enumeration through response-timing analysis, or be used to trigger arbitrary GET requests from the server.

Reproduction

To reproduce this vulnerability, upload an image to a server that can be accessed via a public URL. Then, start a chat in Open WebUI and use the PDF export function. Intercept the request and insert an image tag into the 'title' field, directing the image source to the URL of the uploaded image. Once the request is sent, the server will make a GET request to the image URL, demonstrating the SSRF vulnerability.

Remediation

Users can update to Open WebUI version 0.5.11 or later, where this vulnerability has been fixed.
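As an added illustration, not Open WebUI's own code, the following Python sketches the failure mode the advisory describes (a tag blocklist that overlooks the image tag) next to the fix of treating the title as text rather than HTML, plus a renderer-side check that refuses any fragment that would make the server fetch a URL. The blocklist contents, helper names and sample title are assumptions for this example.

```python
import html
import re
from html.parser import HTMLParser

# Tags whose attributes make an HTML-to-PDF renderer fetch a resource
# while building the document (assumed list for this example).
FETCHING_TAGS = {"img", "iframe", "object", "embed", "link", "source", "script"}
URL_ATTRS = {"src", "href", "data"}

# Illustrative blocklist of the kind the advisory describes: it removes
# scripts, iframes and objects but leaves <img> untouched.
BLOCKED_TAGS = ("script", "iframe", "object")


class ExternalResourceFinder(HTMLParser):
    """Collects every URL the renderer would fetch for the given fragment."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() in FETCHING_TAGS:
            for name, value in attrs:
                if name.lower() in URL_ATTRS and value:
                    self.urls.append(value)


def fetched_urls(fragment: str) -> list:
    parser = ExternalResourceFinder()
    parser.feed(fragment)
    return parser.urls


def strip_blocked_tags(fragment: str) -> str:
    # Blocklist filtering: anything not on the list, such as <img>, survives.
    pattern = r"</?(?:%s)\b[^>]*>" % "|".join(BLOCKED_TAGS)
    return re.sub(pattern, "", fragment, flags=re.IGNORECASE)


def build_pdf_html_vulnerable(title: str) -> str:
    # Embeds the user-controlled title as raw HTML after blocklist filtering.
    return "<h1>%s</h1>" % strip_blocked_tags(title)


def build_pdf_html_fixed(title: str) -> str:
    # Treats the title as text: the renderer sees no tag, so nothing is fetched.
    return "<h1>%s</h1>" % html.escape(title, quote=True)


def render_allowed(fragment: str) -> bool:
    # Defence in depth at the renderer: refuse fragments that trigger fetches.
    return not fetched_urls(fragment)


# Constructed sample input: a title carrying an image tag (placeholder host).
SAMPLE_TITLE = 'Chat export <img src="http://example.invalid/pixel.png">'
```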

Added: May 15, 2026, 10:24 PM
Updated: May 15, 2026, 10:24 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.4
exploitability: 4.0
remediation: 7.7
relevance: 8.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.