Arbitrary File Write in open-webui Affects User Data Management
CVE-2024-7034
Summary
In open-webui version 0.3.8, the /models/upload
endpoint is susceptible to arbitrary file write due to inadequate management of user-supplied filenames. This flaw results from using an unsanitized input in the file path creation process, specifically file_path = f"{UPLOAD_DIR}/{file.filename}"
. Attackers can exploit this by inserting directory traversal sequences in the file.filename
parameter, allowing them to manipulate the file path, escape the designated UPLOAD_DIR
, and overwrite critical system files. Such unauthorized modifications can compromise system binaries, configuration files, and sensitive information, enhancing the risk of remote command execution.
Affected Version(s)
open-webui/open-webui <= unspecified
References
CVSS V3.0
Timeline
Vulnerability published
Vulnerability Reserved