Open WebUI Knowledge Base Access Control Bypass Vulnerability

Vulnerability

A vulnerability in Open WebUI prior to version 0.9.5 allows authenticated users to bypass knowledge base access controls. The issue arises because the function that validates collection access does not check knowledge base collections, which are identified by UUIDs. As a result, any authenticated user who knows a private knowledge base UUID can access its content through retrieval query endpoints. This vulnerability also affects write endpoints, enabling users to inject or overwrite content in another user's knowledge base.
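The following is an added illustration of the flaw class described above, not Open WebUI's actual code: an access validator that skips UUID-shaped collection ids (so any knowledge base is implicitly allowed) beside a corrected version that resolves every UUID to a knowledge base record and checks ownership or an explicit grant. The `KnowledgeBase` class, the in-memory tables and the user ids are constructed assumptions.

```python
import uuid
from dataclasses import dataclass, field

@dataclass
class KnowledgeBase:
    id: str
    owner_id: str
    # constructed ACL: user id -> permission granted ("read" or "write")
    access: dict = field(default_factory=dict)

# Constructed sample state (hypothetical, not real Open WebUI data).
KB_ID = "6f1c2e9a-3b0d-4e5f-8a1b-2c3d4e5f6a7b"
KNOWLEDGE_BASES = {KB_ID: KnowledgeBase(KB_ID, "alice", {"bob": "read"})}
FILE_COLLECTIONS = {"file-1": "alice"}  # non-UUID collection id -> owner


def is_knowledge_base_id(collection_id: str) -> bool:
    """Knowledge base collections are identified by UUIDs."""
    try:
        uuid.UUID(collection_id)
        return True
    except ValueError:
        return False


def validate_access_vulnerable(user_id, collection_ids, permission="read"):
    """Flaw class: UUID-shaped ids fall through without any authorization check."""
    for cid in collection_ids:
        if is_knowledge_base_id(cid):
            continue  # BUG: knowledge base ownership/ACL is never consulted
        if FILE_COLLECTIONS.get(cid) != user_id:
            return False
    return True


def validate_access_fixed(user_id, collection_ids, permission="read"):
    """Hardened: every id must resolve to a collection the user may use."""
    for cid in collection_ids:
        if is_knowledge_base_id(cid):
            kb = KNOWLEDGE_BASES.get(cid)
            if kb is None:
                return False  # unknown UUID: deny rather than leak existence
            if kb.owner_id == user_id:
                continue
            granted = kb.access.get(user_id)
            if granted is None or (permission == "write" and granted != "write"):
                return False
            continue
        if FILE_COLLECTIONS.get(cid) != user_id:
            return False
    return True
```

The same check must run in front of both the retrieval query endpoints and the write endpoints, since the advisory notes the bypass affects both.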

Impact

Exploitation of this vulnerability allows unauthorized access to private knowledge base contents of other users, injection of attacker-controlled content into their knowledge bases, and potential deletion and replacement of entire knowledge bases, disrupting the availability of the knowledge base feature.

Reproduction

The vulnerability can be reproduced by authenticating as a user and then using the retrieval query endpoints to access a private knowledge base UUID that belongs to another user. The same can be done using the write endpoints to inject or overwrite content in the victim's knowledge base.

Remediation

Users can update to Open WebUI version 0.9.5 or later, where this vulnerability has been fixed.

Added: May 15, 2026, 9:24 PM
Updated: May 15, 2026, 9:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.2
remediation: 7.7
relevance: 8.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.