python · open-webui
Heads-up
open-webui: Missing file ownership check in chat completion endpoint
A security vulnerability was discovered in the chat completion endpoint where an authenticated user can read another user's files by setting image_url.url to a file id.
What changed
A security vulnerability was discovered in the chat completion endpoint where an authenticated user can read another user's files by setting image_url.url to a file id without ownership checks.
Who it affects
All authenticated users of Open WebUI instances where the chat completion endpoint is exposed.
What to do today
Apply the suggested patch to thread the authenticated user through get_image_base64_from_url and use get_file_by_id_and_user_id or has_access_to_file for file access control.
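To make the fix concrete, the following is an added illustration (not Open WebUI's own code): an in-memory stand-in for the file lookup that shows the pre-patch lookup beside the patched one, with the authenticated user threaded through. The function names mirror those the advisory cites; the FileRecord model, the in-memory store and the assumption that image_url.url carries a bare file id are constructed here.

```python
import base64
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class FileRecord:
    id: str
    user_id: str                      # owner of the file
    data: bytes                       # constructed stand-in for the stored image bytes
    shared_with: set = field(default_factory=set)  # explicit grants, if any

# Constructed sample store: alice and bob each own one file; bob shares his with carol.
FILES = {
    "f1": FileRecord("f1", "alice", b"alice-image"),
    "f2": FileRecord("f2", "bob", b"bob-image", {"carol"}),
}

def get_file_by_id(file_id: str) -> Optional[FileRecord]:
    """Unscoped lookup: any caller who knows the id gets the record."""
    return FILES.get(file_id)

def get_file_by_id_and_user_id(file_id: str, user_id: str) -> Optional[FileRecord]:
    """Ownership-scoped lookup: returns the record only if user_id owns it."""
    rec = FILES.get(file_id)
    return rec if rec is not None and rec.user_id == user_id else None

def has_access_to_file(file_id: str, user_id: str) -> bool:
    """Broader check: owner or an explicitly granted user may read the file."""
    rec = FILES.get(file_id)
    return rec is not None and (rec.user_id == user_id or user_id in rec.shared_with)

def vulnerable_get_image_base64_from_url(url: str) -> Optional[str]:
    """Pre-patch shape: a file id in image_url.url is resolved with no owner check,
    so any authenticated user can read any other user's file by id."""
    rec = get_file_by_id(url)
    return base64.b64encode(rec.data).decode() if rec else None

def get_image_base64_from_url(url: str, user_id: str) -> Optional[str]:
    """Patched shape: the authenticated user is threaded in and the lookup is
    gated on has_access_to_file, so ids the user may not read resolve to None
    (use get_file_by_id_and_user_id instead if only the owner should read)."""
    if not has_access_to_file(url, user_id):
        return None
    rec = get_file_by_id(url)
    return base64.b64encode(rec.data).decode() if rec else None
```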