Coordinated Disclosure Timeline
- 2024-03-18: Submitted the report via PVR.
- 2024-04-01: PVR is accepted, fix created and CVE requested.
- 2024-04-16: Advisory is published.
Summary
Open-webui is vulnerable to authenticated blind server-side request forgery.
Project
open-webui
Tested Version
Details
Blind SSRF in backend/apps/web/routers/utils.py (GHSL-2024-033)
The download endpoint accepts user input in the url GET parameter, which is later used in the download_file_stream function to send a GET request, which leads to a blind server-side request forgery.
async def download_file_stream(url, file_path, file_name, chunk_size=1024 * 1024):
done = False
if os.path.exists(file_path):
current_size = os.path.getsize(file_path)
else:
current_size = 0
headers = {"Range": f"bytes={current_size}-"} if current_size > 0 else {}
timeout = aiohttp.ClientTimeout(total=600) # Set the timeout
async with aiohttp.ClientSession(timeout=timeout) as session:
async with session.get(url, headers=headers) as response:
total_size = int(response.headers.get("content-length", 0)) + current_size
Impact
This issue allows for sending requests on behalf of open-webui server and can be leveraged to probe for other vulnerabilities on the server itself or on other back-end systems on the internal network, that the open-webui server can reach.
CVE
- CVE-2024-30256
Credit
This issue was discovered and reported by GHSL team member @sylwia-budzynska (Sylwia Budzynska). This vulnerability was found with help of CodeQL.
Contact
You can contact the GHSL team at [email protected], please include a reference to GHSL-2024-033 in any communication regarding this issue.