CVE-2024-7034

Name of the Vulnerable Software and Affected Versions open-webui version 0.3.8

Description The issue arises from the improper handling of user-supplied filenames in the /models/upload endpoint, specifically due to the usage of file path = f"{UPLOAD DIR}/{file.filename}" without proper input validation or sanitization. An attacker can exploit this by manipulating the file.filename parameter to include directory traversal sequences, causing the resulting file path to escape the intended UPLOAD DIR and potentially overwrite arbitrary files on the system. This can lead to unauthorized modifications of system binaries, configuration files, or sensitive data, potentially enabling remote command execution.

Recommendations As a temporary workaround, consider disabling the /models/upload endpoint until a patch is available. Restrict access to the file path variable to minimize the risk of exploitation. Avoid using the file.filename parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.