Open WebUI Mass Assignment Vulnerability in Feedback Endpoint Allows User ID Spoofing and Data Manipulation

Vulnerability

A mass assignment vulnerability has been identified in Open WebUI versions prior to 0.9.5. The issue arises in the POST /api/v1/evaluations/feedback endpoint, where the FeedbackForm model is configured to accept arbitrary extra fields, so unknown keys in the request body are not rejected at validation time. This allows an authenticated attacker to inject a user_id field that overwrites the server-derived user ID when the feedback record is built, enabling identity spoofing and manipulation of feedback data. As a result, the integrity of the model evaluation leaderboard is compromised, allowing unauthorized adjustments to the Elo ratings derived from that feedback.

Impact

Exploitation of this vulnerability allows user identity spoofing: by setting the user_id field, an attacker can create feedback attributed to any other user's ID. It also compromises the integrity of the model evaluation leaderboard, since attackers can artificially inflate or deflate the ratings of specific models, producing unreliable evaluation outcomes.

Reproduction

To reproduce this vulnerability, any authenticated user sends a POST request to the /api/v1/evaluations/feedback endpoint with a user_id field added to the feedback form data alongside the normal fields. Because the extra field is accepted and carried into the stored record, it overwrites the ID of the authenticated user that the server would otherwise record. Once the feedback is submitted, the spoofed user_id is reflected in the response, confirming successful exploitation.

Remediation

Users are advised to update to Open WebUI version 0.9.5 or later, where this vulnerability has been patched. Note that upgrading closes the injection path but does not retroactively correct feedback records that were already created with a spoofed user_id; administrators who suspect abuse should review existing feedback entries and the leaderboard ratings derived from them.
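The following Python example, added here as an illustration and not taken from Open WebUI, reproduces the pattern described in the Vulnerability, Reproduction and Remediation sections: a Pydantic form model that allows extra fields, and a record builder that spreads the form dump after the server-derived user_id, so an injected user_id wins. The model names, the fields (type, data, meta), the helper names and the request body are all assumptions for the demo. Two fixes are shown side by side: rejecting unknown fields with extra="forbid", and assigning server-controlled fields after the client payload so they can never be overridden. Requires pydantic v2.

```python
"""Mass assignment through a permissive Pydantic form model.

Added example, not Open WebUI's code. The form model, builders and handler
are simplified stand-ins (assumed names and fields) that model the
behaviour described in the advisory. Requires pydantic v2.
"""
import time
import uuid
from typing import Any, Optional

from pydantic import BaseModel, ConfigDict, ValidationError


class FeedbackForm(BaseModel):
    """Vulnerable stand-in: unknown request fields are retained (extra='allow')."""
    model_config = ConfigDict(extra="allow")
    type: str
    data: Optional[dict[str, Any]] = None
    meta: Optional[dict[str, Any]] = None


class StrictFeedbackForm(BaseModel):
    """Hardened stand-in: unknown request fields fail validation (extra='forbid')."""
    model_config = ConfigDict(extra="forbid")
    type: str
    data: Optional[dict[str, Any]] = None
    meta: Optional[dict[str, Any]] = None


def build_record_vulnerable(user_id: str, form: BaseModel) -> dict[str, Any]:
    # The form dump is spread AFTER user_id, so a client-supplied user_id
    # (kept by extra='allow' and included in model_dump) overwrites it.
    return {
        "id": str(uuid.uuid4()),
        "user_id": user_id,
        **form.model_dump(),
        "created_at": int(time.time()),
    }


def build_record_fixed(user_id: str, form: BaseModel) -> dict[str, Any]:
    # Server-controlled fields are assigned last, so nothing in the client
    # payload can override them, whatever the model's extra policy is.
    record: dict[str, Any] = {"id": str(uuid.uuid4()), **form.model_dump()}
    record["user_id"] = user_id
    record["created_at"] = int(time.time())
    return record


def handle_feedback(body: dict[str, Any], auth_user_id: str, mode: str) -> tuple[int, dict[str, Any]]:
    """Simulates POST /api/v1/evaluations/feedback (assumed shape).

    mode: "vulnerable"   -> permissive model, form dump spread after user_id
          "forbid_extra" -> strict model, unknown fields rejected with 422
          "assign_last"  -> permissive model, server fields assigned last
    Returns (status_code, response_body).
    """
    try:
        if mode == "forbid_extra":
            form = StrictFeedbackForm(**body)
            return 200, build_record_fixed(auth_user_id, form)
        form = FeedbackForm(**body)
        if mode == "assign_last":
            return 200, build_record_fixed(auth_user_id, form)
        return 200, build_record_vulnerable(auth_user_id, form)
    except ValidationError as exc:
        return 422, {"detail": exc.errors()}


# Constructed request body: an attacker authenticated as "user-attacker"
# injects user_id to attribute the feedback to a different account.
SPOOFED_BODY: dict[str, Any] = {
    "type": "rating",
    "data": {"rating": 1, "model_id": "model-a"},
    "meta": {},
    "user_id": "user-victim",
}

if __name__ == "__main__":
    for mode in ("vulnerable", "forbid_extra", "assign_last"):
        status, resp = handle_feedback(SPOOFED_BODY, "user-attacker", mode)
        print(f"{mode:13s} status={status} stored user_id={resp.get('user_id')}")
```

Running the block prints the spoofed "user-victim" for the vulnerable path, a 422 for the strict model, and the authenticated "user-attacker" for the assign-last builder. The two fixes are complementary: extra="forbid" stops the extra key at the boundary and is the cleaner API contract, while assigning identity fields last protects the record even if a later change relaxes the model again.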

Added: May 15, 2026, 9:26 PM
Updated: May 15, 2026, 9:26 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.6
remediation: 7.7
relevance: 8.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.