CVE-2026-54016
Status: Undergoing Analysis - In Progress
Broken Object Level Authorization in Open WebUI

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: GitHub, Inc.

Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI has a Broken Object Level Authorization (BOLA) vulnerability in the builtin search_knowledge_files tool. When native function calling is enabled and the selected model has no attached knowledge bases, an authenticated user can call search_knowledge_files with an arbitrary knowledge_id. The function then returns file metadata from that knowledge base without checking whether the user has read access. This allows unauthorized enumeration of private or restricted knowledge base files. This vulnerability is fixed in 0.9.6.
Meta Information
Generated: 2026-06-24
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: open_webui
Product: open_webui
Version / Range: all versions up to, but excluding, 0.9.6 (0.9.6 is the fixed release)
CWE
CWE-639 (Authorization Bypass Through User-Controlled Key): The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. Here the user-controlled key is the knowledge_id passed to search_knowledge_files.
AI Quick Actions (AI-generated insights)
Executive Summary

This vulnerability is a Broken Object Level Authorization (BOLA) issue in Open WebUI versions prior to 0.9.6, specifically in the built-in search_knowledge_files tool: the knowledge_id supplied in the tool call is used directly as a lookup key without checking that the caller may read that object.

When native function calling is enabled and the selected model has no attached knowledge bases, an authenticated user can have search_knowledge_files invoked with a knowledge_id of their choosing, since the tool's arguments are filled in by the model from the user's conversation.

The tool looks up the knowledge base by that id and returns its file metadata without checking whether the calling user has read access to it, so private or restricted knowledge bases are exposed to any authenticated account.

This allows a low-privileged user to enumerate metadata such as filenames, knowledge base names, and timestamps for files they are not entitled to see. File contents themselves are not reported as exposed.

The vulnerability was fixed in version 0.9.6 by adding proper authorization checks.

Impact Analysis

This vulnerability allows an authenticated attacker with low privileges to read metadata of private or restricted knowledge base files without authorization.

The exposed metadata may include filenames, knowledge base names, and timestamps. Although file contents are not returned, filenames and knowledge base names alone can reveal the existence and subject of confidential material (for example, a file named after a financial report or an internal document), and a list of valid knowledge_id values is useful reconnaissance for further attacks.

The vulnerability does not allow modification or deletion of data; its impact is confined to unauthorized disclosure of metadata.

Detection Guidance

To check an instance, use a low-privileged test account on a deployment where native function calling is enabled, select a model with no attached knowledge bases, and have the model invoke the built-in search_knowledge_files tool with the knowledge_id of a knowledge base that account is known not to have read access to (for example, a private knowledge base owned by another user).

On an affected version the response carries that knowledge base's file metadata; on a fixed version (0.9.6 or later) the call must not return metadata for that id. Repeating the call across a set of known knowledge_id values shows exactly which private or restricted knowledge bases the test account can enumerate.

The linked resources do not provide specific commands for this test. A version check is the more reliable indicator: any instance running a release prior to 0.9.6 should be treated as affected regardless of the test outcome, because a negative result may only mean the model did not emit the tool call.
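The following Python model is an added illustration, not code from Open WebUI or from this advisory. It puts the vulnerable pattern described in the Executive Summary next to the hardened form the fix calls for, and adds a probe helper that performs the enumeration test from the Detection Guidance above against either version of the tool. The in-memory store, the User and KnowledgeBase shapes, the access_control convention (None for everyone, an empty dict for owner-only, otherwise explicit read grants), and all function names are assumptions; the sample knowledge bases are constructed.

```python
"""Toy model of the search_knowledge_files BOLA (CVE-2026-54016) and its fix.

Added example, not Open WebUI's code. The in-memory store, the data shapes,
the access_control convention and the helper names are assumptions chosen to
mirror the pattern the advisory describes.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class User:
    id: str
    role: str = "user"
    groups: tuple = ()


@dataclass
class KnowledgeBase:
    id: str
    name: str
    owner_id: str
    # Assumed convention: None = readable by every user, {} = owner only,
    # otherwise {"read": {"user_ids": [...], "group_ids": [...]}, "write": {...}}
    access_control: Optional[dict] = None
    files: list = field(default_factory=list)


# Constructed sample data, not real knowledge bases.
KNOWLEDGE = {
    "kb-handbook": KnowledgeBase(
        "kb-handbook", "Employee Handbook", "alice", None,
        [{"id": "f-10", "name": "handbook.pdf", "created_at": 1750000000}]),
    "kb-finance": KnowledgeBase(
        "kb-finance", "Finance (restricted)", "alice", {},
        [{"id": "f-20", "name": "q3-revenue-forecast.xlsx", "created_at": 1750100000}]),
    "kb-eng": KnowledgeBase(
        "kb-eng", "Engineering Wiki", "alice",
        {"read": {"user_ids": [], "group_ids": ["engineering"]},
         "write": {"user_ids": [], "group_ids": []}},
        [{"id": "f-30", "name": "oncall-runbook.md", "created_at": 1750200000}]),
}


def has_read_access(user: User, kb: KnowledgeBase) -> bool:
    """Owner, admin, public knowledge base, or an explicit read grant."""
    if user.role == "admin" or kb.owner_id == user.id:
        return True
    if kb.access_control is None:
        return True
    read = kb.access_control.get("read", {})
    return (user.id in read.get("user_ids", [])
            or any(g in read.get("group_ids", []) for g in user.groups))


def _file_metadata(kb: KnowledgeBase) -> list:
    return [{"knowledge_id": kb.id, "knowledge_name": kb.name, **f} for f in kb.files]


def search_knowledge_files_vulnerable(user: User, knowledge_id: str) -> list:
    """Pre-0.9.6 pattern: the model-supplied knowledge_id is used as-is.
    `user` is accepted but never consulted, which is the BOLA."""
    kb = KNOWLEDGE.get(knowledge_id)
    return _file_metadata(kb) if kb else []


def search_knowledge_files_fixed(user: User, knowledge_id: str) -> list:
    """Hardened pattern: the caller's read access is checked before any
    metadata is returned. Unknown and forbidden ids both yield [] so the
    tool does not become an oracle for which ids exist."""
    kb = KNOWLEDGE.get(knowledge_id)
    if kb is None or not has_read_access(user, kb):
        return []
    return _file_metadata(kb)


def probe(user: User, candidate_ids, tool) -> list:
    """Detection helper: which candidate knowledge_ids leak file metadata to
    `user` through `tool`? Against a fixed tool this lists only knowledge
    bases the user is entitled to read."""
    return [kid for kid in candidate_ids if tool(user, kid)]


if __name__ == "__main__":
    bob = User("bob")  # low-privileged account with no grants
    ids = list(KNOWLEDGE)
    print("vulnerable:", probe(bob, ids, search_knowledge_files_vulnerable))
    print("fixed:     ", probe(bob, ids, search_knowledge_files_fixed))
```

The fixed variant returns the same empty result for a missing id and for a forbidden one; returning a distinct "forbidden" error would still let a caller confirm which knowledge_id values exist, which is a weaker form of the same enumeration.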

Mitigation Strategies

The immediate fix is to upgrade Open WebUI to version 0.9.6 or later, where search_knowledge_files checks the caller's read access to the requested knowledge base before returning file metadata.

Until the upgrade can be performed, disabling native function calling removes the precondition the advisory names for reaching the vulnerable tool; where the deployment allows it, limiting which users can use tool calling reduces the set of accounts able to trigger it.

Note that tightening the access-control settings on individual knowledge bases does not close this gap on an affected version, because the vulnerable tool did not consult those settings. Review and enforce them after upgrading, so that the restored check enforces the intended policy.

Compliance Impact

The vulnerability allows unauthorized enumeration of private or restricted knowledge base file metadata (filenames, knowledge base names, timestamps); filenames and knowledge base names alone can reveal the existence and subject of confidential material such as financial reports or internal documents.

This unauthorized access to sensitive information could lead to non-compliance with data protection regulations like GDPR or HIPAA, which require strict access controls and protection of confidential data.

However, the impact is limited to metadata exposure and does not include direct data modification or deletion.
