Open WebUI Cross-User File Access Vulnerability in Knowledge Management Endpoints

Vulnerability

A vulnerability in Open WebUI versions prior to 0.9.5 allows authenticated users to access and exfiltrate private files belonging to other users through unchecked file_id references in knowledge management endpoints. The issue arises because multiple endpoints accept user-supplied file_ids and attach the corresponding files to resources controlled by the caller, without verifying ownership or access rights. This flaw enables file content to be accessed via downstream paths, potentially leading to unauthorized data exposure or overwriting of files in the knowledge base.

Impact

Exploitation of this vulnerability allows unauthorized reading of private files belonging to other users, given knowledge of the file's UUID. Additionally, on the knowledge-base attachment path, it permits overwriting the victim's file content, replacing it with attacker-controlled text.

Reproduction

The vulnerability can be reproduced by first identifying a victim's file UUID. Then, an authenticated user can attach this file_id to their own folder or knowledge base without any ownership verification. Once attached, the file's content can be accessed through the application's chat interface or knowledge-base pathways, depending on the method of attachment.
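The missing check described above, as an added Python illustration that is not Open WebUI's own code: a minimal attach handler in the unchecked form beside a hardened one that verifies the referenced file belongs to the caller. The data classes, in-memory store, identifiers and user names are constructed assumptions.

```python
from dataclasses import dataclass, field

class PermissionDenied(Exception):
    """Raised when the caller may not use the referenced resource."""

@dataclass
class FileRecord:
    id: str
    user_id: str  # owner of the uploaded file
    content: str

@dataclass
class KnowledgeBase:
    id: str
    user_id: str  # owner of the knowledge base
    file_ids: list = field(default_factory=list)

# Constructed in-memory stores standing in for the application's database.
FILES: dict = {}
KNOWLEDGE: dict = {}

def seed_store():
    """Constructed fixture: a private file owned by 'victim', a knowledge base owned by 'caller'."""
    FILES.clear()
    KNOWLEDGE.clear()
    FILES["file-victim-0001"] = FileRecord("file-victim-0001", "victim", "victim's private notes")
    KNOWLEDGE["kb-caller-0001"] = KnowledgeBase("kb-caller-0001", "caller")
    return "file-victim-0001", "kb-caller-0001"

def attach_file_unchecked(caller_id: str, kb_id: str, file_id: str) -> str:
    """Vulnerable pattern: checks that the knowledge base is the caller's, but trusts
    file_id as-is, so any file whose UUID is known gets attached and its content returned."""
    kb = KNOWLEDGE[kb_id]
    if kb.user_id != caller_id:
        raise PermissionDenied("knowledge base not owned by caller")
    record = FILES[file_id]  # missing: ownership check on the referenced file
    kb.file_ids.append(file_id)
    return record.content

def attach_file_checked(caller_id: str, kb_id: str, file_id: str) -> str:
    """Hardened pattern: the file must exist and be owned by the caller. Missing and
    foreign files raise the same error, so the endpoint does not confirm guessed UUIDs."""
    kb = KNOWLEDGE.get(kb_id)
    if kb is None or kb.user_id != caller_id:
        raise PermissionDenied("knowledge base not found")
    record = FILES.get(file_id)
    if record is None or record.user_id != caller_id:
        raise PermissionDenied("file not found")
    kb.file_ids.append(file_id)
    return record.content
```

The same ownership check belongs on every endpoint that accepts a file_id (folder attachment, chat attachment, content update), not only on knowledge-base creation.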

Remediation

Users are advised to update Open WebUI to version 0.9.5 or later, where this vulnerability has been fixed.

Added: May 15, 2026, 9:20 PM
Updated: May 15, 2026, 9:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.6
remediation: 7.7
relevance: 8.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.