CVE-2024-8017
📋 TL;DR
A cross-site scripting (XSS) vulnerability in open-webui versions up to 0.3.8 allows attackers to inject malicious scripts into tooltips. When exploited, this enables attackers to perform actions with the victim's privileges, including stealing chat history, deleting chats, and potentially escalating privileges to admin if the victim has admin rights. All users running vulnerable versions of open-webui are affected.
💻 Affected Systems
- open-webui
📦 What is this software?
Open Webui by Openwebui
⚠️ Risk & Real-World Impact
Worst Case
An attacker gains admin privileges through a victim admin user, then performs complete system compromise including data theft, account takeover, and potential lateral movement.
Likely Case
Attackers steal sensitive chat history, delete conversations, and potentially modify user permissions through targeted XSS attacks against regular users.
If Mitigated
With proper input validation and output encoding, the attack surface is limited, but residual risk remains if other XSS vectors exist.
🎯 Exploit Status
Exploitation requires user interaction (victim must view malicious tooltip), but the technical complexity is low once the XSS payload is crafted.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: > 0.3.8
Vendor Advisory: https://huntr.com/bounties/ef06c7c8-1cb2-42a7-a6e6-17b2e1c744f7
Restart Required: Yes
Instructions:
1. Update open-webui to version >0.3.8. 2. Restart the open-webui service. 3. Verify the update was successful.
🔧 Temporary Workarounds
Content Security Policy (CSP)
allImplement strict CSP headers to prevent script execution from untrusted sources.
Add 'Content-Security-Policy: default-src 'self'; script-src 'self'' to web server configuration
Input Validation Filter
allAdd server-side input validation to sanitize tooltip content before rendering.
Implement HTML entity encoding for user-controlled tooltip content in the application code
🧯 If You Can't Patch
- Disable or restrict tooltip functionality in the UI if not essential
- Implement network segmentation to isolate open-webui instances from sensitive systems
🔍 How to Verify
Check if Vulnerable:
Check the open-webui version in the application interface or configuration files. If version is <=0.3.8, the system is vulnerable.Check Version:
Check the web interface or configuration files for version information. For Docker deployments: docker inspect open-webui-container | grep versionVerify Fix Applied:
After updating, verify the version is >0.3.8 and test tooltip functionality with safe test payloads.📡 Detection & Monitoring
Log Indicators:
- Unusual tooltip-related requests with script tags or JavaScript code
- Multiple failed login attempts or privilege escalation attempts following tooltip interactions
Network Indicators:
- HTTP requests containing malicious script payloads in tooltip parameters
- Outbound connections to suspicious domains following tooltip interactions
SIEM Query:
source="open-webui" AND (http_uri="*tooltip*" AND (http_query="*<script>*" OR http_query="*javascript:*"))