Open WebUI Unauthenticated Information Disclosure Vulnerability in RAG Pipeline Configuration

A vulnerability allowing unauthenticated information disclosure has been identified in Open WebUI versions prior to 0.9.5. The issue arises in the retrieval API endpoint, which exposes live RAG pipeline configuration to any unauthenticated HTTP client. This endpoint lacks proper authentication checks, in contrast to adjacent endpoints that are correctly secured. As a result, sensitive information about the RAG template, embedding models, and chunking parameters can be accessed without any credentials.

Impact

Exploitation of this vulnerability leads to unauthorized access to RAG pipeline configuration details, including the RAG template, embedding engine and model information, and chunking parameters. This disclosed information could be used to craft targeted RAG poisoning payloads.

Reproduction

To reproduce this vulnerability, send an unauthenticated HTTP GET request to the '/api/v1/retrieval/' endpoint. The response will include the RAG pipeline configuration, such as the embedding model and chunking parameters, which can be used to exploit the vulnerability further.

Remediation

Users are advised to update Open WebUI to version 0.9.5 or later, and to add the 'get_verified_user' dependency to the retrieval endpoint for authentication.