CVE-2024-7035
📋 TL;DR
This CSRF vulnerability in open-webui/open-webui v0.3.8 lets an attacker trick an authenticated user into performing destructive actions (resetting the RAG vector database, clearing memories, deleting uploads, resetting configuration) simply by getting them to load a malicious page. The state-changing endpoints accept plain GET requests, so an image tag or link on that page is enough. All users running the vulnerable version are affected, particularly administrators, whose accounts can reach the RAG and upload resets.
💻 Affected Systems
- open-webui/open-webui
📦 What is this software?
Open WebUI (the open-webui project) is a self-hosted web front end for LLM backends such as Ollama and OpenAI-compatible APIs. It stores chats, uploaded documents, RAG vector data and per-user memories on the server, which is the data this vulnerability lets an attacker wipe.
⚠️ Risk & Real-World Impact
Worst Case
Complete data loss and application unavailability through mass deletion of RAG databases, memories, and uploads, requiring full restoration from backups.
Likely Case
Targeted deletion of specific data sets or configuration resets causing service disruption and data integrity issues.
If Mitigated
No impact once v0.3.9 or later is deployed. Until then, blocking the GET method at the reverse proxy (see Temporary Workarounds) limits the exposure to the legitimate reset feature being unavailable; relying on users to avoid suspicious links is not a control.
🎯 Exploit Status
Exploitation requires only that the victim be logged in (typically as an administrator for the RAG and upload resets) and load attacker-controlled HTML while that session is valid. Because the endpoints accept GET, the malicious page needs no JavaScript: an <img> tag or a link pointing at the endpoint is enough, and CSRF of this shape is well understood and trivial to implement.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v0.3.9 or later
Vendor Advisory: https://huntr.com/bounties/2ac81740-410b-467a-9244-75d82a6f9e11
Restart Required: Yes
Instructions:
1. Back up the current configuration and data (including the RAG vector store, uploads and memories; they are what the attack destroys).
2. Update to v0.3.9 or later via your package manager, container image or manual installation.
3. Restart the open-webui service.
4. Verify the fix: confirm the running version and check that the reset endpoints no longer respond to GET (see How to Verify).
🔧 Temporary Workarounds
Reverse Proxy Method Filtering
Configure the reverse proxy in front of Open WebUI to reject GET requests to the four state-changing endpoints. A proxy cannot add CSRF tokens that the application would validate; blocking the method is what it can do. In the vulnerable version the front end itself calls these endpoints with GET, so this workaround also disables the legitimate reset buttons until the patch is applied, which is an acceptable trade-off.
# Example nginx location block that returns 405 for GET on the sensitive endpoints.
# A regex location that matches these paths replaces "location /" for them, so it must
# proxy non-GET requests itself; 127.0.0.1:8080 is an assumed upstream, use the same
# proxy_pass target (and proxy_set_header lines) as your main location block.
location ~ ^/(rag/api/v1/reset|rag/api/v1/reset/db|api/v1/memories/reset|rag/api/v1/reset/uploads)$ {
    if ($request_method = GET) {
        return 405;
    }
    proxy_pass http://127.0.0.1:8080;
    proxy_set_header Host $host;
}
🧯 If You Can't Patch
- Mark the session cookie SameSite=Strict so browsers stop attaching it to cross-site navigations and image loads; if the application itself cannot be changed, nginx 1.19.3 or later can add the flag at the proxy with proxy_cookie_flags. Require re-authentication for destructive actions where the deployment allows it.
- Restrict who holds administrator accounts, since the RAG and upload resets need them, and tell users not to stay logged in to the instance while browsing untrusted sites. Browser extensions that strip cookies from cross-site requests help individual users but are not a substitute for the patch.
🔍 How to Verify
Check if Vulnerable:
Check whether the instance is running v0.3.8 or earlier. Then confirm the endpoint shape without destroying data: send a GET to /rag/api/v1/reset (and the other listed endpoints) with no cookie and no Authorization header. A 401 or 403 means the route exists and accepts GET (the vulnerable shape); a 405 means GET is rejected. Do not send an authenticated GET against a production instance: if it is vulnerable, the request performs the reset.
Check Version:
Read the version from package.json in the install directory, e.g. grep '"version"' /path/to/open-webui/package.json (inside a container, run the same grep via docker exec against the image's copy), or query the running instance: GET /api/version returns a JSON object with the version string.
Verify Fix Applied:
After updating, confirm the reported version is v0.3.9 or later and that GET requests to the sensitive endpoints return 405. Note that a 405 alone can also come from the proxy workaround, so check the version as well. The reset actions should succeed only for authenticated POST requests issued by the application's own front end; a cross-site page cannot add the Authorization header those carry.
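The verification steps above, as an added example that is not code from the advisory or the open-webui project. It assumes the instance exposes GET /api/version returning a JSON object with a "version" key and that BASE_URL points at a test instance; both are assumptions. The probes carry no cookie and no Authorization header, so they cannot trigger a reset, they only reveal whether each route accepts GET.

```python
"""Safe check for CVE-2024-7035 on an Open WebUI instance.

Added example, not code from the advisory or the open-webui project.
Assumptions not stated on the page: the instance exposes GET /api/version
returning {"version": "x.y.z"}, and BASE_URL points at a test instance.
Probes are sent with no cookie and no Authorization header, so they can never
perform a reset; they only reveal whether the route accepts the GET method.
"""
import json
import urllib.error
import urllib.request

BASE_URL = "http://127.0.0.1:8080"  # assumed address of a test instance
FIXED_VERSION = (0, 3, 9)           # the advisory's fixed version: v0.3.9 or later

RESET_ENDPOINTS = (
    "/rag/api/v1/reset",
    "/rag/api/v1/reset/db",
    "/rag/api/v1/reset/uploads",
    "/api/v1/memories/reset",
)


def parse_version(text: str) -> tuple:
    """'v0.3.8', '0.3.8' or '0.3.9-rc1' -> (0, 3, 8) / (0, 3, 9)."""
    core = text.strip().lstrip("vV").split("-")[0]
    return tuple(int(part) for part in core.split("."))


def version_is_vulnerable(text: str) -> bool:
    """True for every release before the fixed one."""
    return parse_version(text) < FIXED_VERSION


def classify_get_probe(status: int) -> str:
    """Interpret the HTTP status of an unauthenticated GET to a reset endpoint."""
    if status in (401, 403):
        return "accepts-get"    # route reachable via GET, auth enforced: the CSRF-able shape
    if status == 405:
        return "get-rejected"   # patched build, or the proxy workaround is in place
    if status == 404:
        return "absent"         # route not served here
    if status == 200:
        return "executed"       # reset ran with no credentials at all: worse than CSRF
    return "unexpected"


def http_status(url: str, method: str = "GET") -> int:
    """Status code for a credential-less request; urllib raises on 4xx/5xx."""
    req = urllib.request.Request(url, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def instance_version(base_url: str) -> str:
    """Version string reported by the running instance (assumed /api/version route)."""
    with urllib.request.urlopen(base_url + "/api/version", timeout=10) as resp:
        return json.load(resp)["version"]


def check_instance(base_url: str) -> dict:
    """Version verdict plus one probe verdict per reset endpoint."""
    version = instance_version(base_url)
    report = {"version": version, "version_vulnerable": version_is_vulnerable(version)}
    for path in RESET_ENDPOINTS:
        report[path] = classify_get_probe(http_status(base_url + path))
    return report


if __name__ == "__main__":
    for key, value in check_instance(BASE_URL).items():
        print(f"{key}: {value}")
```

Read the two verdicts together: "get-rejected" on an instance still reporting v0.3.8 means only the proxy workaround is in place, while "get-rejected" on v0.3.9 or later means the application fix is live. "accepts-get" on any version is the vulnerable shape and should be treated as unpatched.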
📡 Detection & Monitoring
Log Indicators:
- Multiple GET requests to /rag/api/v1/reset* or /api/v1/memories/reset from the same client in a short timeframe, especially immediately after a request to an unrelated page
- Reset or deletion events in the application log that coincide with a GET to one of these paths rather than with an action the affected user recalls taking
Network Indicators:
- GET requests to the sensitive endpoints whose Referer (or Origin) header names a domain other than the instance's own, or whose Referer is missing entirely
- Requests to these endpoints that carry only the session cookie and no Authorization header: a cross-site page can make the browser send the cookie but cannot set that header
SIEM Query:
The field names below (source, uri_path, http_method) are placeholders for your log schema. In the vulnerable version the application's own front end also issues these GETs, so add a clause excluding Referer values that point at your own host to surface only the cross-site cases.
source="webui.log" AND (uri_path="/rag/api/v1/reset" OR uri_path="/rag/api/v1/reset/db" OR uri_path="/api/v1/memories/reset" OR uri_path="/rag/api/v1/reset/uploads") AND http_method="GET"
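The log and network indicators above, applied to access-log lines, as an added example that is not part of the advisory or the open-webui project. It assumes Open WebUI sits behind a reverse proxy writing nginx "combined" format lines (which include Referer); the log lines embedded in the script are constructed for the example, not real traffic, and the burst window and threshold are arbitrary starting values.

```python
"""Detection logic for CVE-2024-7035 run over reverse-proxy access logs.

Added example, not from the advisory or the open-webui project. It assumes
Open WebUI sits behind a proxy writing nginx "combined" format lines (with
Referer); the sample lines below are constructed, not real traffic.
"""
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

RESET_PATHS = {
    "/rag/api/v1/reset",
    "/rag/api/v1/reset/db",
    "/rag/api/v1/reset/uploads",
    "/api/v1/memories/reset",
}

# nginx combined: ip ident user [time] "METHOD target proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: one normal request, a burst of two cross-site reset GETs,
# an admin's own GET and POST, and a scripted GET with no Referer.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Aug/2024:10:01:02 +0000] "GET /api/v1/chats/ HTTP/1.1" 200 512 "https://webui.example.internal/" "Mozilla/5.0"
203.0.113.7 - - [12/Aug/2024:10:01:09 +0000] "GET /rag/api/v1/reset/db HTTP/1.1" 200 17 "https://evil.example.net/page.html" "Mozilla/5.0"
203.0.113.7 - - [12/Aug/2024:10:01:10 +0000] "GET /api/v1/memories/reset HTTP/1.1" 200 4 "https://evil.example.net/page.html" "Mozilla/5.0"
198.51.100.4 - - [12/Aug/2024:10:05:00 +0000] "GET /rag/api/v1/reset/uploads HTTP/1.1" 200 4 "https://webui.example.internal/admin/settings" "Mozilla/5.0"
198.51.100.4 - - [12/Aug/2024:10:06:00 +0000] "POST /rag/api/v1/reset/db HTTP/1.1" 200 17 "https://webui.example.internal/admin/settings" "Mozilla/5.0"
198.51.100.9 - - [12/Aug/2024:10:07:00 +0000] "GET /rag/api/v1/reset?x=1 HTTP/1.1" 200 4 "-" "curl/8.0"
"""


def parse_line(line: str):
    """One combined-format line -> dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = urlsplit(rec["target"]).path   # strip any query string
    rec["status"] = int(rec["status"])
    rec["time"] = datetime.strptime(rec["time"], TIME_FMT)
    return rec


def referer_host(referer: str) -> str:
    """Lower-cased host of the Referer, '' when absent ('-') or unparsable."""
    if not referer or referer == "-":
        return ""
    return urlsplit(referer).hostname or ""


def find_reset_gets(log_text: str, own_host: str) -> list:
    """Every GET to a reset endpoint, rated by where the browser says it came from."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["method"] != "GET" or rec["path"] not in RESET_PATHS:
            continue
        host = referer_host(rec["referer"])
        if host == own_host.lower():
            rec["severity"] = "low"     # the vulnerable UI itself issues these GETs; confirm with the user
        elif host == "":
            rec["severity"] = "medium"  # Referer stripped by policy, or not a browser at all
        else:
            rec["severity"] = "high"    # another origin drove the request: the CSRF signature
        hits.append(rec)
    return hits


def burst_clients(hits: list, window: timedelta = timedelta(seconds=60), threshold: int = 2) -> list:
    """Client IPs that issued >= threshold reset GETs within one window."""
    times_by_ip = {}
    for h in hits:
        times_by_ip.setdefault(h["ip"], []).append(h["time"])
    flagged = []
    for ip, times in times_by_ip.items():
        times.sort()
        if any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1)):
            flagged.append(ip)
    return flagged


if __name__ == "__main__":
    found = find_reset_gets(SAMPLE_LOG, "webui.example.internal")
    for h in found:
        print(h["severity"], h["ip"], h["path"], h["referer"])
    print("burst:", burst_clients(found))
```

The Referer rating is the discriminating signal: a GET to a reset path driven by a page on another origin is the attack, a GET from the instance's own pages is what the unpatched front end does, and a missing Referer needs a second look because Referrer-Policy or a non-browser client can both produce it. The burst check catches the pattern of one malicious page firing several resets at once, which no legitimate administrator click produces.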