CVE-2024-8060
📋 TL;DR
OpenWebUI 0.3.0 has a critical vulnerability in its audio transcription API that allows authenticated users to upload arbitrary files with path traversal. This can overwrite critical system files within Docker containers, potentially leading to remote code execution as root. Only authenticated users can exploit this vulnerability.
💻 Affected Systems
- OpenWebUI
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution as root user, complete container compromise, potential host system access if Docker is misconfigured.
Likely Case
File system corruption, service disruption, data loss, or limited code execution within container.
If Mitigated
Unauthorized file uploads blocked, but authenticated users may still attempt exploitation.
🎯 Exploit Status
Requires authenticated access and knowledge of container file structure. Exploitation involves crafting malicious file uploads with path traversal in filenames.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 0.3.0 (check latest release)
Vendor Advisory: https://huntr.com/bounties/a3b1a4b7-c723-496d-842c-844cc0988fe9
Restart Required: No
Instructions:
1. Update OpenWebUI to latest version. 2. Verify the audio API endpoint now validates file content types and sanitizes filenames. 3. No container restart needed if using hot-reload capable deployment.
🔧 Temporary Workarounds
Disable Audio Transcription API
allTemporarily disable the vulnerable endpoint until patching.
Modify OpenWebUI configuration to disable /audio/api/v1/transcriptions endpoint
Implement WAF Rules
allAdd web application firewall rules to block path traversal attempts in file uploads.
Add WAF rule: block requests with '..' or '/' in filename parameters
🧯 If You Can't Patch
- Restrict access to audio API endpoint to trusted users only
- Implement file upload validation at reverse proxy/load balancer level
🔍 How to Verify
Check if Vulnerable:
Check if running OpenWebUI version 0.3.0 and test if /audio/api/v1/transcriptions accepts files with path traversal in filename.Check Version:
docker exec <container_name> python -c "import openwebui; print(openwebui.__version__)" or check web UI about pageVerify Fix Applied:
Test that file uploads with malicious filenames (containing '..' or '/') are rejected and content-type validation is enforced.📡 Detection & Monitoring
Log Indicators:
- File upload attempts with '..' or '/' in filenames
- Unusual file write operations in container logs
- Errors from audio transcription API
Network Indicators:
- POST requests to /audio/api/v1/transcriptions with unusual filenames
- Large or unexpected file uploads to audio endpoint
SIEM Query:
source="web_logs" AND url_path="/audio/api/v1/transcriptions" AND (filename="*..*" OR filename="*/*")