Open WebUI Authorization Bypass Vulnerability Allowing Unauthorized File Deletion

Vulnerability

An authorization bypass vulnerability has been identified in Open WebUI versions prior to 0.9.0, allowing any authenticated user to permanently delete files owned by other users. This issue arises when the target file is referenced in a shared chat, as the 'has_access_to_file()' authorization check improperly grants access without verifying the user's identity or the nature of the operation. File UUIDs, which are not easily guessable, can be obtained by any user with read access to a knowledge base through the API.

Impact

Exploitation of this vulnerability leads to unauthorized permanent deletion of files from the database and all associated knowledge bases, with no recovery option available. This deletion occurs without any audit trail, leaving no record of which user initiated the action.
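The following Python is an added illustration, not Open WebUI's code: the data classes, the `operation` parameter and the audit list are assumptions. It contrasts an access check of the kind described above, which gives the same answer for every operation once a file is referenced in a shared chat, with a hardened check that treats shared-chat visibility as read-only, requires ownership or an admin role for deletion, and records who attempted each deletion, so that the missing audit trail noted under Impact is also covered.

```python
"""Read-only vs destructive access to a file referenced in a shared chat.

Added example, not Open WebUI's code. Models the defect class described in the
advisory beside a hardened check. All names here are assumptions.
"""
from dataclasses import dataclass, field
from typing import Literal

Operation = Literal["read", "delete"]


@dataclass
class User:
    id: str
    role: str = "user"


@dataclass
class FileRecord:
    id: str
    owner_id: str


@dataclass
class Chat:
    id: str
    owner_id: str
    shared: bool
    file_ids: set[str] = field(default_factory=set)


def referenced_in_shared_chat(file_id: str, chats: list[Chat]) -> bool:
    """True if any shared chat references the file (constructed data model)."""
    return any(c.shared and file_id in c.file_ids for c in chats)


def has_access_to_file_vulnerable(user: User, file: FileRecord, chats: list[Chat]) -> bool:
    # Defective pattern: a single yes/no for every operation. Once the file
    # appears in a shared chat, the caller's identity and intent are ignored,
    # so a non-owner passes this check for a delete just as for a read.
    return file.owner_id == user.id or referenced_in_shared_chat(file.id, chats)


def has_access_to_file_fixed(user: User, file: FileRecord, chats: list[Chat],
                             operation: Operation) -> bool:
    # Owner and admins may perform any operation.
    if user.id == file.owner_id or user.role == "admin":
        return True
    # Visibility through a shared chat grants read access only.
    if operation == "read":
        return referenced_in_shared_chat(file.id, chats)
    # Destructive operations are never derived from shared-chat visibility.
    return False


def delete_file(user: User, file: FileRecord, chats: list[Chat],
                files: dict[str, FileRecord], audit: list[dict]) -> bool:
    """Delete with an explicit 'delete' check and an audit record either way."""
    if not has_access_to_file_fixed(user, file, chats, "delete"):
        audit.append({"event": "file_delete_denied", "actor": user.id, "file": file.id})
        return False
    del files[file.id]
    audit.append({"event": "file_deleted", "actor": user.id, "file": file.id})
    return True


def demo() -> dict:
    """Constructed scenario: alice owns a file referenced in her shared chat."""
    alice, bob = User("alice"), User("bob")
    f = FileRecord("file-0001", owner_id="alice")  # constructed id
    files = {f.id: f}
    chats = [Chat("chat-1", "alice", shared=True, file_ids={f.id})]
    audit: list[dict] = []
    return {
        "vulnerable_grants_bob_delete": has_access_to_file_vulnerable(bob, f, chats),
        "fixed_grants_bob_read": has_access_to_file_fixed(bob, f, chats, "read"),
        "fixed_grants_bob_delete": has_access_to_file_fixed(bob, f, chats, "delete"),
        "bob_delete_succeeded": delete_file(bob, f, chats, files, audit),
        "alice_delete_succeeded": delete_file(alice, f, chats, files, audit),
        "file_remains": f.id in files,
        "audit_events": [e["event"] for e in audit],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The key design point is that the operation is a parameter of the check rather than something the caller infers from a boolean: a route that deletes must ask for delete permission, and derived visibility (a shared chat, a knowledge base the user can read) never satisfies it.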

Reproduction

To reproduce this vulnerability, log in as an authenticated user and create a knowledge base document. Share a chat that references this document. Another authenticated user can then retrieve the file UUID through the knowledge base API, and use it to delete the file via the files API, bypassing authorization checks.

Remediation

Users can update to Open WebUI version 0.9.0 or later, where this vulnerability has been fixed.

Added: May 15, 2026, 8:20 PM
Updated: May 15, 2026, 8:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.2
remediation: 7.7
relevance: 8.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.