CVE-2024-7033
📋 TL;DR
This vulnerability allows attackers to write arbitrary files to the server's filesystem by manipulating file paths in the download_model endpoint. It affects open-webui/open-webui version 0.3.8 deployments on Windows systems. Successful exploitation can lead to denial of service or remote code execution.
💻 Affected Systems
- open-webui/open-webui version 0.3.8, when deployed on Windows
📦 What is this software?
Open Webui by Openwebui
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise through remote code execution, allowing an attacker to execute arbitrary commands with the privileges of the account running open-webui, potentially leading to data theft, lateral movement, or complete control of the host.
Likely Case
Denial of service through overwriting critical application or system files, potentially disrupting service availability and requiring system restoration.
If Mitigated
Limited impact if the application runs under a low-privilege account whose write access is confined to its own data directory, and network access controls keep the endpoint off untrusted networks.
🎯 Exploit Status
Exploitation requires understanding of Windows path traversal and file system structure. No public exploit code available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.3.9 or later
Vendor Advisory: https://huntr.com/bounties/7078261f-8414-4bb7-9d72-a2a4d8bfd5d1
Restart Required: Yes (the running process or container must be restarted to load the new code)
Instructions:
1. Update open-webui to version 0.3.9 or later (for container deployments, pull the new image and recreate the container). 2. Restart the open-webui process or container; a running Python backend keeps serving the old code until it is restarted. 3. Verify the update by checking the reported version.
🔧 Temporary Workarounds
Disable download_model endpoint
Temporarily disable the vulnerable endpoint until patching can be completed
Block or restrict access to /api/download_model at the reverse proxy or WAF in front of open-webui (for example, deny the path or limit it to administrator source addresses)
Implement strict file path validation
Add input validation so the endpoint only writes inside the intended model directory
Sanitize the file name in the download_model endpoint code: accept a bare file name only, reject both forward and backward slashes, dot-dot segments, drive letters and absolute paths, and confirm the resolved target still lies inside the model directory
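The workaround above is easiest to see side by side with the pattern it replaces. The following is an added example, not code from the open-webui project: it assumes a vulnerable handler that derives the on-disk name from the last "/"-separated component of the download URL (an assumption about the original code) and joins it onto a model directory. It uses ntpath and posixpath so that the Windows and Linux outcomes can both be shown on any host, which is also why the flaw is Windows-specific: a backslash is a path separator on Windows but an ordinary file-name character on Linux/macOS. The model directories and the attacker URL are constructed.

```python
import ntpath
import posixpath

# Constructed model directories, one per platform flavour (assumed layout,
# not open-webui's real paths).
MODEL_DIR_WINDOWS = r"C:\open-webui\data\models"
MODEL_DIR_POSIX = "/app/backend/data/models"


def _mod(flavour):
    """Pick the path module so the demo runs on any host: ntpath applies
    Windows rules, posixpath applies Linux/macOS rules."""
    return ntpath if flavour == "windows" else posixpath


def file_name_from_url(url):
    """Assumed vulnerable pattern: the on-disk name is the last '/'-separated
    component of the download URL. Forward slashes are stripped, but a
    backslash is not, and on Windows a backslash is also a separator."""
    return url.split("/")[-1]


def naive_target(model_dir, file_name, flavour):
    """Vulnerable: join the untrusted name onto the models directory and let
    the platform's path rules decide where the file lands."""
    p = _mod(flavour)
    return p.normpath(p.join(model_dir, file_name))


def safe_target(model_dir, file_name, flavour):
    """Hardened: accept only a bare file name, then confirm the normalised
    target is still inside model_dir. Both separator styles are rejected so
    the rule does not depend on which OS the service happens to run on."""
    p = _mod(flavour)
    if not file_name or file_name in (".", ".."):
        raise ValueError("empty or dot-only file name")
    if "/" in file_name or "\\" in file_name:
        raise ValueError("path separator in file name")
    if any(ord(c) < 32 for c in file_name):
        raise ValueError("control character in file name")
    # 'C:evil.exe' carries a drive but no separator; splitdrive catches it.
    if ntpath.splitdrive(file_name)[0] or ntpath.isabs(file_name) or posixpath.isabs(file_name):
        raise ValueError("absolute or drive-relative path")
    root = p.normpath(model_dir)
    target = p.normpath(p.join(root, file_name))
    if p.commonpath([root, target]) != root:
        raise ValueError("file name escapes the model directory")
    return target


def compare(url, flavour):
    """Run both code paths on one download URL and report where each would
    write, or why the hardened one refused."""
    name = file_name_from_url(url)
    model_dir = MODEL_DIR_WINDOWS if flavour == "windows" else MODEL_DIR_POSIX
    try:
        hardened = safe_target(model_dir, name, flavour)
    except ValueError as exc:
        hardened = f"rejected: {exc}"
    return {
        "file_name": name,
        "vulnerable_writes_to": naive_target(model_dir, name, flavour),
        "hardened": hardened,
    }


if __name__ == "__main__":
    # Constructed attacker URL: the backslashes survive url.split("/").
    evil = "http://attacker.example/..\\..\\..\\Windows\\Tasks\\evil.exe"
    for flavour in ("windows", "posix"):
        print(flavour, compare(evil, flavour))
    print("windows", compare("http://models.example/llama-3-8b.gguf", "windows"))
```

On the Windows flavour the vulnerable join lands the file at C:\Windows\Tasks\evil.exe; on the POSIX flavour the same name becomes one oddly named file inside the model directory, which is why the page lists Linux/macOS as a fallback. The hardened check rejects the name on both platforms before any path is built, and the commonpath test is a second line of defence in case a later change to the name rules lets something through.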
🧯 If You Can't Patch
- Run application with minimal file system permissions (least privilege principle)
- Deploy on Linux/macOS instead of Windows if possible
🔍 How to Verify
Check if Vulnerable:
Check whether open-webui version 0.3.8 is running on a Windows host. Review application and reverse-proxy logs for download_model requests whose URL or file name contains path separators, dot-dot segments, or drive letters.
Check Version:
Check the version field in package.json in the install root, the About section of the web UI, or the tag of the deployed container image
Verify Fix Applied:
Verify the running open-webui version is 0.3.9 or later. In a test environment, send download_model requests with traversal-style file names and confirm that they are rejected and that no file appears outside the model directory.
📡 Detection & Monitoring
Log Indicators:
- Unusual file path patterns in download_model requests
- Failed file write attempts outside expected directories
- Multiple rapid requests to download_model endpoint
Network Indicators:
- HTTP POST requests to /api/download_model containing path traversal sequences (../, ..\) or their percent-encoded forms (%2e%2e%2f, %2e%2e%5c), backslashes, or Windows drive letters
- Unusual file extensions (for example .exe, .bat, .ps1) or paths in download requests
SIEM Query:
source="webui-logs" AND uri_path="/api/download_model" AND (message="*../*" OR message="*..\\*" OR message="*%2e%2e*" OR message="*%5c*" OR message="*\\*")
The bare pattern message="*..*" should be avoided: it also matches ordinary file names containing "..." and drowns the real hits in noise. The encoded variants catch requests that hide the traversal behind percent-encoding.
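The indicators above can be turned into a small offline check over exported logs. The following is an added example, not part of the original page or of open-webui: it assumes a simplified log format of the form "timestamp source method path status url=..." (the log lines are constructed, not real open-webui output) and flags download_model requests whose URL carries a dot-dot segment, a backslash, a drive letter, or percent-encoded versions of these, while also reporting sources that burst several download_model requests in a short window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed log lines in a simplified "timestamp source method path status url=" shape.
SAMPLE_LOG = """\
2024-07-25T10:15:01Z 203.0.113.5 POST /api/download_model 200 url=http://models.example/llama-3-8b.gguf
2024-07-25T10:15:07Z 198.51.100.7 POST /api/download_model 200 url=http://attacker.example/..\\..\\..\\Windows\\Tasks\\evil.exe
2024-07-25T10:15:08Z 198.51.100.7 POST /api/download_model 200 url=http://attacker.example/%2e%2e%5c%2e%2e%5cevil.exe
2024-07-25T10:15:09Z 198.51.100.7 POST /api/download_model 200 url=http://attacker.example/C:\\Windows\\evil.exe
2024-07-25T10:15:10Z 203.0.113.5 POST /api/chat/completions 200 url=-
2024-07-25T10:16:00Z 203.0.113.9 POST /api/download_model 200 url=http://models.example/model-v1.2...final.gguf
"""

ENDPOINT = "/api/download_model"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3}) url=(?P<url>\S*)$"
)
# A '..' that forms a whole path segment, with either separator.
# A run of dots inside a name ("v1.2...final") does not match.
DOTDOT_RE = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")
DRIVE_RE = re.compile(r"^[A-Za-z]:")


def percent_decode(value, rounds=2):
    """Strip up to `rounds` layers of percent-encoding so %2e%2e and
    double-encoded forms are inspected in their decoded shape."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_reasons(url):
    """Return the list of traversal indicators found in a download URL."""
    decoded = percent_decode(url)
    reasons = []
    if DOTDOT_RE.search(decoded):
        reasons.append("dot-dot segment")
    if "\\" in decoded:
        reasons.append("backslash separator")
    if DRIVE_RE.match(decoded.rsplit("/", 1)[-1]):
        reasons.append("drive letter in file name")
    if reasons and decoded != url:
        reasons.append("percent-encoded")
    return reasons


def parse_log(text):
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield rec


def scan(text, burst=3, window=timedelta(seconds=30)):
    """Return (findings, bursty_sources). findings lists download_model
    requests whose URL carries a traversal indicator; bursty_sources lists
    clients that sent `burst` or more download_model requests within `window`."""
    findings = []
    times_by_src = defaultdict(list)
    for rec in parse_log(text):
        if rec["path"] != ENDPOINT:
            continue
        times_by_src[rec["src"]].append(rec["ts"])
        reasons = suspicious_reasons(rec["url"])
        if reasons:
            findings.append({"src": rec["src"], "url": rec["url"], "reasons": reasons})
    bursty = []
    for src, times in times_by_src.items():
        times.sort()
        if any(times[i + burst - 1] - times[i] <= window for i in range(len(times) - burst + 1)):
            bursty.append(src)
    return findings, bursty


if __name__ == "__main__":
    found, bursty = scan(SAMPLE_LOG)
    for f in found:
        print(f["src"], f["url"], ", ".join(f["reasons"]))
    print("burst sources:", bursty)
```

Run against the sample, the three requests from 198.51.100.7 are flagged (raw backslash traversal, percent-encoded traversal, and a drive-letter name) and that source is also reported as bursty, while the legitimate download with "..." in its file name is left alone. Adapt LINE_RE to the real log shape before pointing this at production exports.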