2982 matches found

Snyk (added 2025/03/20 12:32 p.m.)

Missing Authentication for Critical Function

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Missing Authentication for Critical Function through the api/v1/utils/pdf endpoint. An attacker can exhaust server resources and cause a denial of service by sending a POST request with an excessively large...

CVSS 8.7 | AI score 6.8 | EPSS 0.00597 | Exploits: 1 | References: 2
OSV (added 2025/03/20 12:32 p.m.)

GHSA-5V9M-57MQ-QC75 Open WebUI denial of service through endpoint for converting markdown

In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until...

CVSS 7.5 | AI score 6.9 | EPSS 0.00811 | Exploits: 1 | References: 4
OSV (added 2025/03/20 12:32 p.m.)

GHSA-GJ27-76GQ-5V3P Open WebUI stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the /api/v1/models/add endpoint, where the model description field is improperly sanitized before being rendered in chat. This allows an attacker to inject malicious...

CVSS 8.4 | AI score 6.1 | EPSS 0.00889 | Exploits: 1 | References: 3
Github Security Blog (added 2025/03/20 12:32 p.m.)

Open WebUI denial of service through endpoint for converting markdown

In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until...

CVSS 7.5 | AI score 6.6 | EPSS 0.00811 | Exploits: 1 | References: 4 | Affected software: 1
Github Security Blog (added 2025/03/20 12:32 p.m.)

Open WebUI stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the /api/v1/models/add endpoint, where the model description field is improperly sanitized before being rendered in chat. This allows an attacker to inject malicious...

CVSS 8.4 | AI score 5.9 | EPSS 0.00889 | Exploits: 1 | References: 3 | Affected software: 1
OSV (added 2025/03/20 12:32 p.m.)

GHSA-FF5C-56M7-VC75 Open WebUI allows Remote Code Execution via Arbitrary File Upload to /audio/api/v1/transcriptions

OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint /audio/api/v1/transcriptions that allows for arbitrary file upload. The application performs insufficient validation on the file.content_type and allows user-controlled filenames, leading to a path traversal vulnerability...

CVSS 8.1 | AI score 8.1 | EPSS 0.00881 | Exploits: 0 | References: 4
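The GHSA-FF5C-56M7-VC75 entry above names the two client-controlled inputs that reach the filesystem in an upload handler: the declared content type and the filename. The following Python is an added example written for this page, not Open WebUI's code and not its fix. It treats the Content-Type header as untrusted (the container is identified from the file's own magic bytes and must agree with the declaration), lets the client's filename contribute only a cleaned stem, and takes the directory, a random prefix and the extension from the server side. The audio allowlist, the magic-byte table and the upload directory are assumptions for the example.

```python
import os
import re
import uuid
from pathlib import Path
from typing import Optional

# Declared MIME types a transcription endpoint might accept, mapped to the
# extension the server will use on disk (constructed allowlist for this example).
ALLOWED_AUDIO = {
    "audio/wav": ".wav",
    "audio/x-wav": ".wav",
    "audio/mpeg": ".mp3",
    "audio/flac": ".flac",
    "audio/ogg": ".ogg",
}
# Aliases folded to one canonical type so sniffed and declared types compare cleanly.
CANONICAL = {"audio/x-wav": "audio/wav"}
SAFE_STEM = re.compile(r"[^A-Za-z0-9._-]+")


class UploadRejected(ValueError):
    pass


def sniff_audio_type(head: bytes) -> Optional[str]:
    """Infer the container type from the first bytes of the file.
    The Content-Type header is chosen by the client; these bytes are what
    the server will actually process, so the two must agree."""
    if head[:4] == b"RIFF" and head[8:12] == b"WAVE":
        return "audio/wav"
    if head[:4] == b"fLaC":
        return "audio/flac"
    if head[:4] == b"OggS":
        return "audio/ogg"
    # ID3 tag, or an MPEG audio frame sync (11 set bits) at offset 0.
    if head[:3] == b"ID3" or (len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0):
        return "audio/mpeg"
    return None


def validate_upload(declared_type: str, head: bytes) -> str:
    """Check the declared type against the allowlist and against the content.
    Returns the extension the server will store the file under."""
    declared = declared_type.split(";", 1)[0].strip().lower()
    declared = CANONICAL.get(declared, declared)
    if declared not in ALLOWED_AUDIO:
        raise UploadRejected(f"content type not allowed: {declared_type!r}")
    sniffed = sniff_audio_type(head)
    if sniffed != declared:
        raise UploadRejected(f"content looks like {sniffed}, not {declared}")
    return ALLOWED_AUDIO[declared]


def safe_storage_path(upload_dir: str, user_filename: str, ext: str) -> Path:
    """Build the on-disk path. The client's filename contributes at most a
    cleaned stem; directory, random prefix and extension (taken from the
    verified type, not from the filename) are chosen by the server."""
    root = Path(upload_dir).resolve()
    # Drop any directory component, whichever separator the client used.
    base = os.path.basename(user_filename.replace("\\", "/"))
    stem = SAFE_STEM.sub("_", Path(base).stem).strip("._")[:64] or "upload"
    target = (root / f"{uuid.uuid4().hex}_{stem}{ext}").resolve()
    # Defense in depth: the final path must still sit inside the upload root.
    if root not in target.parents:
        raise UploadRejected("path escapes upload directory")
    return target


def handle_upload(upload_dir: str, declared_type: str, user_filename: str, head: bytes) -> str:
    """Full check for one upload; returns the storage path or a rejection reason."""
    try:
        ext = validate_upload(declared_type, head)
        return str(safe_storage_path(upload_dir, user_filename, ext))
    except UploadRejected as exc:
        return f"rejected: {exc}"
```

The order matters: the extension is derived from the verified type after sniffing, so a file declared as audio but containing a script is refused before a name is ever built, and even a valid audio file named `../../etc/passwd` lands as `<random>_passwd.wav` inside the upload root.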
Snyk (added 2025/03/20 12:32 p.m.)

Cross-site Scripting (XSS)

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). An attacker with a user-level account can manipulate session cookies to hijack administrator sessions, leading to unauthorized actions and potential system compromise by embedding a...

CVSS 9 | AI score 6.8 | EPSS 0.00659 | Exploits: 1 | References: 2
OSV (added 2025/03/20 12:32 p.m.)

GHSA-X757-HV69-JR45 Open WebUI has SSRF in /openai/models

The /openai/models endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the...

CVSS 7.7 | AI score 7.4 | EPSS 0.24461 | Exploits: 1 | References: 3
OSV (added 2025/03/20 12:32 p.m.)

GHSA-C7FQ-P62P-WVPC Open WebUI Has Improper Access Control Leading to Arbitrary Prompt Read

In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts/ interface to retrieve all prompt...

CVSS 4.3 | AI score 7.1 | EPSS 0.00401 | Exploits: 1 | References: 3
OSV (added 2025/03/20 12:32 p.m.)

GHSA-GV26-QW3H-8QVP Open WebUI Allows Viewing of Admin Details

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows an attacker to view admin details. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/auths/admin/details interface to retrieve the first admin...

CVSS 4.3 | AI score 6.9 | EPSS 0.00401 | Exploits: 1 | References: 3
Snyk (added 2025/03/20 12:32 p.m.)

Server-side Request Forgery (SSRF)

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /openai/models endpoint. An attacker can manipulate the OpenAI URL to any destination without validation, enabling the endpoint to initiate requests to the specified U...

CVSS 7.7 | AI score 7.7 | EPSS 0.24461 | Exploits: 1 | References: 2
Snyk (added 2025/03/20 12:32 p.m.)

Cross-site Request Forgery (CSRF)

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the authentication process using cookies with the SameSite attribute set to lax. An attacker can execute arbitrary code with the victim's privileges by crafting a...

CVSS 8.8 | AI score 8 | EPSS 0.00444 | Exploits: 2 | References: 2
Snyk (added 2025/03/20 12:32 p.m.)

Undefined Behavior for Input to API

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Undefined Behavior for Input to API due to improper access control on the /api/v1/auths/admin/details interface. An attacker can view administrative details by directly calling the interface without needing...

CVSS 5.3 | AI score 4.8 | EPSS 0.00401 | Exploits: 1 | References: 2
OSV (added 2025/03/20 12:32 p.m.)

GHSA-85JC-8H5P-8VW8 Open WebUI Cross-Site Request Forgery (CSRF) Vulnerability

A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery (CSRF). The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious...

CVSS 8 | AI score 8.7 | EPSS 0.00444 | Exploits: 2 | References: 6
OSV (added 2025/03/20 12:32 p.m.)

GHSA-6WJ5-5PGR-JWQ8 Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability in api/chat/file

A vulnerability in open-webui/open-webui version 79778fa allows an attacker to cause a Denial of Service (DoS) by uploading a file with a malformed multipart boundary. By appending a large number of characters to the end of the multipart boundary, the server continuously processes each character,...

CVSS 7.5 | AI score 6.9 | EPSS 0.00644 | Exploits: 0 | References: 5
Github Security Blog (added 2025/03/20 12:32 p.m.)

Open WebUI has SSRF in /openai/models

The /openai/models endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the...

CVSS 7.7 | AI score 7.1 | EPSS 0.24461 | Exploits: 1 | References: 3 | Affected software: 1
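The three SSRF entries on this page (GHSA-X757-HV69-JR45 from OSV, the Snyk entry and the GitHub Security Blog copy above) share one root cause: a user-supplied upstream URL is fetched with no check on where it points. The Python below is an added example for this page, not Open WebUI's code and not its fix. It validates such a URL in the order a practitioner would want: scheme, no embedded credentials, host against an operator allowlist, and finally the resolved address, which is rejected if it is loopback, link-local (the cloud metadata range), multicast or unspecified, and rejected if private unless the operator opted in. The allowlist contents, the `resolver` hook (injected so the check runs offline) and the `allow_private` switch are assumptions of the example.

```python
import ipaddress
import socket
from typing import Callable, Iterable, Tuple
from urllib.parse import urlsplit

# Upstream hosts the operator has approved (constructed allowlist for this example).
ALLOWED_UPSTREAM_HOSTS = {"api.openai.com"}


class UnsafeUrl(ValueError):
    pass


def address_acceptable(ip, allow_private: bool) -> bool:
    """Reject everything that is not a normal unicast destination. Private
    ranges (RFC 1918 / ULA) are allowed only when the operator opted in,
    which is how a self-hosted model server on the LAN would be reached."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 is still 169.254.169.254
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified or ip.is_reserved:
        return False
    if ip.is_private:
        return allow_private
    return True


def resolve_upstream(url: str, allowlist: Iterable[str] = ALLOWED_UPSTREAM_HOSTS,
                     resolver: Callable[[str], str] = socket.gethostbyname,
                     allow_private: bool = False) -> Tuple[str, str]:
    """Validate a user-supplied base URL and return (hostname, pinned_ip).
    The caller should connect to pinned_ip and send hostname in Host/SNI, so
    a second lookup by the HTTP client cannot be answered differently
    (DNS rebinding)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise UnsafeUrl(f"scheme {parts.scheme!r} not allowed")
    if parts.username is not None or parts.password is not None:
        raise UnsafeUrl("credentials in the URL are not allowed")
    host = parts.hostname
    if not host:
        raise UnsafeUrl("URL has no host")
    host = host.lower().rstrip(".")
    if host not in set(allowlist):
        raise UnsafeUrl(f"host {host!r} is not an approved upstream")
    try:
        ip = ipaddress.ip_address(host)            # literal address in the URL
    except ValueError:
        ip = ipaddress.ip_address(resolver(host))  # name: resolve once, pin result
    if not address_acceptable(ip, allow_private):
        raise UnsafeUrl(f"{host} resolves to non-public address {ip}")
    return host, str(ip)


def check_upstream(url: str, **kwargs) -> str:
    """Convenience wrapper returning a one-line verdict."""
    try:
        host, ip = resolve_upstream(url, **kwargs)
        return f"allowed {host} -> {ip}"
    except UnsafeUrl as exc:
        return f"rejected: {exc}"
```

Two caveats a reviewer would raise: the allowlist is the real control and the address check is defense in depth, since an allowlisted name can legitimately move; and the pinned address must actually be used for the connection, otherwise the check only covers the first of two lookups.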
OSV (added 2025/03/20 12:32 p.m.)

GHSA-43G4-487M-5Q6M Open WebUI Vulnerable to a Session Fixation Attack

A vulnerability in open-webui/open-webui version 0.3.8 allows an attacker with a user-level account to perform a session fixation attack. The session cookie for all users is set with the default SameSite=Lax and does not have the Secure flag enabled, allowing the session cookie to be sent over HT...

CVSS 7.6 | AI score 8 | EPSS 0.00659 | Exploits: 1 | References: 3
OSV (added 2025/03/20 12:32 p.m.)

GHSA-P5VX-9HJ8-CF4H Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF)

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery (CSRF) attacks, where an unaware user can unintentionally perform sensitive actions by simply...

CVSS 6.9 | AI score 7 | EPSS 0.00234 | Exploits: 1 | References: 3
Snyk (added 2025/03/20 12:32 p.m.)

Cross-site Request Forgery (CSRF)

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the endpoints /rag/api/v1/reset, /rag/api/v1/reset/db, /api/v1/memories/reset, and /rag/api/v1/reset/uploads. An attacker can manipulate the application's state and...

CVSS 6.9 | AI score 6.9 | EPSS 0.00234 | Exploits: 1 | References: 2
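Several entries above describe one family of session-handling weaknesses: an auth cookie relying on SameSite=Lax with no CSRF token (GHSA-85JC-8H5P-8VW8 and the two Snyk CSRF entries), sensitive actions such as reset and delete reachable by GET (GHSA-P5VX-9HJ8-CF4H), and a session cookie without the Secure flag that an attacker with a user account can fix in a victim's browser (GHSA-43G4-487M-5Q6M). The Python below is an added example for this page, not Open WebUI's code and not its fix, showing the three controls together: cookie attributes, an Origin check plus double-submit token on every state-changing method, and re-issuing the session id at login. The header and cookie names, the allowed-origin set and the in-memory `SessionStore` are assumptions of the example.

```python
import hmac
import secrets
from typing import Dict, Iterable, Mapping, Optional
from urllib.parse import urlsplit

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


class CsrfRejected(Exception):
    pass


def session_cookie(name: str, value: str, secure: bool = True) -> str:
    """Set-Cookie value for a session cookie. HttpOnly keeps it away from
    script, Secure keeps it off plaintext HTTP, SameSite=Lax stops browsers
    attaching it to cross-site POSTs (defense in depth, not the CSRF control)."""
    attrs = [f"{name}={value}", "Path=/", "HttpOnly", "SameSite=Lax"]
    if secure:
        attrs.insert(2, "Secure")
    return "; ".join(attrs)


def _origin_of(url: str) -> str:
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" if parts.scheme and parts.netloc else ""


def enforce_csrf(method: str, headers: Mapping[str, str], cookies: Mapping[str, str],
                 allowed_origins: Iterable[str],
                 token_cookie: str = "csrf_token", token_header: str = "X-CSRF-Token") -> None:
    """Reject a state-changing request unless it provably came from our own
    origin. Safe methods pass through, which is only sound if GET handlers
    never change state (resets and deletes belong on POST/DELETE)."""
    if method.upper() not in STATE_CHANGING:
        return
    h = {k.lower(): v for k, v in headers.items()}
    # 1. Origin header (Referer as fallback) must name this application.
    origin = h.get("origin") or _origin_of(h.get("referer", ""))
    if origin not in set(allowed_origins):
        raise CsrfRejected(f"origin {origin!r} not allowed")
    # 2. Double-submit token: a cookie value that only same-origin script can
    #    read must be echoed in a custom header; compared in constant time.
    expected = cookies.get(token_cookie, "")
    presented = h.get(token_header.lower(), "")
    if not expected or not hmac.compare_digest(expected.encode(), presented.encode()):
        raise CsrfRejected("missing or mismatched CSRF token")


def csrf_verdict(method, headers, cookies, allowed_origins) -> str:
    try:
        enforce_csrf(method, headers, cookies, allowed_origins)
        return "ok"
    except CsrfRejected as exc:
        return f"rejected: {exc}"


class SessionStore:
    """Minimal in-memory session store (constructed for this example)."""

    def __init__(self) -> None:
        self._sessions: Dict[str, dict] = {}

    def create(self, data: Optional[dict] = None) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = dict(data or {})
        return sid

    def get(self, sid: str) -> Optional[dict]:
        return self._sessions.get(sid)

    def login(self, presented_sid: Optional[str], user_id: str) -> str:
        """Session fixation defense: whatever id the client arrived with is
        discarded at authentication and a fresh server-generated id is issued,
        so an id planted by an attacker never becomes an authenticated one."""
        if presented_sid is not None:
            self._sessions.pop(presented_sid, None)
        return self.create({"user": user_id})
```

Note that the CSRF token cookie, unlike the session cookie, must be readable by same-origin script (no HttpOnly) or the client cannot copy it into the header; the session cookie itself should never be the token.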
Github Security Blog (added 2025/03/20 12:32 p.m.)

Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability in api/chat/file

A vulnerability in open-webui/open-webui version 79778fa allows an attacker to cause a Denial of Service (DoS) by uploading a file with a malformed multipart boundary. By appending a large number of characters to the end of the multipart boundary, the server continuously processes each character,...

CVSS 7.5 | AI score 6.7 | EPSS 0.00644 | Exploits: 0 | References: 5 | Affected software: 1
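GHSA-6WJ5-5PGR-JWQ8 (the OSV entry and this GitHub Security Blog copy) turns on a boundary string the server accepts at any length. RFC 2046 section 5.1.1 bounds a boundary to 1 through 70 characters from a fixed set, not ending in a space, which gives a cheap check that can run before any of the body is touched. The Python below is an added example for this page, not Open WebUI's code and not its fix: it validates the boundary from the Content-Type header, then splits the body with hard caps on part count and part size. The header length limit, the part caps and the sample body are assumptions constructed for the example.

```python
import re
from typing import List

# RFC 2046 section 5.1.1: bchars, 1 to 70 of them; a trailing space is checked separately.
BCHARS = re.compile(r"[0-9A-Za-z'()+_,\-./:=? ]{1,70}")


class MultipartRejected(ValueError):
    pass


def parse_boundary(content_type: str, max_header_len: int = 1024) -> str:
    """Extract and validate the boundary before any part of the body is parsed."""
    if len(content_type) > max_header_len:
        raise MultipartRejected("Content-Type header too long")
    media, _, params = content_type.partition(";")
    if media.strip().lower() != "multipart/form-data":
        raise MultipartRejected(f"unexpected media type {media.strip()!r}")
    boundary = None
    for param in params.split(";"):
        key, _, value = param.strip().partition("=")
        if key.strip().lower() == "boundary":
            boundary = value.strip().strip('"')
    if boundary is None:
        raise MultipartRejected("boundary parameter missing")
    if not BCHARS.fullmatch(boundary) or boundary.endswith(" "):
        raise MultipartRejected(f"boundary of length {len(boundary)} violates RFC 2046")
    return boundary


def split_parts(body: bytes, boundary: str, max_parts: int = 16,
                max_part_bytes: int = 10 * 1024 * 1024) -> List[bytes]:
    """Split a body into raw parts (headers plus data) with caps on count and
    size. Work is linear in the body length and stops at the first violation."""
    delim = b"\r\n--" + boundary.encode("ascii")
    if not body.startswith(delim[2:]):          # first delimiter has no leading CRLF
        raise MultipartRejected("body does not start with the boundary")
    pieces = body[len(delim) - 2:].split(delim)
    if not pieces[-1].startswith(b"--"):        # closing delimiter is "--boundary--"
        raise MultipartRejected("closing boundary missing")
    parts = pieces[:-1]
    if len(parts) > max_parts:
        raise MultipartRejected(f"more than {max_parts} parts")
    out = []
    for piece in parts:
        if not piece.startswith(b"\r\n"):
            raise MultipartRejected("malformed part delimiter")
        if len(piece) - 2 > max_part_bytes:
            raise MultipartRejected("part exceeds size limit")
        out.append(piece[2:])
    return out


def multipart_verdict(content_type: str, body: bytes) -> str:
    """One-line verdict for a request: number of parts accepted, or the reason refused."""
    try:
        boundary = parse_boundary(content_type)
        return f"ok: {len(split_parts(body, boundary))} part(s)"
    except MultipartRejected as exc:
        return f"rejected: {exc}"
```

The same ordering, bound the input before handing it to the expensive parser, is the practitioner's answer to the other unauthenticated resource-exhaustion entries on this page as well; a size cap is cheap, a timeout on the conversion step is the backstop.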