漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Open WebUI: Authenticated users can target arbitrary configured Ollama backends via unguarded url_idx path parameter
Vulnerability Description
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, several direct, index-addressed Ollama proxy routes accept a caller-supplied url_idx path parameter and use it as a raw index into the admin-configured OLLAMA_BASE_URLS list. Access control on these routes validates only whether the user may use the requested model, never which backend the request is routed to. Any authenticated user can append an arbitrary url_idx to force their request onto an Ollama backend they were never authorized to reach, including internal, higher-privilege, or explicitly admin-disabled backends. This vulnerability is fixed in 0.9.6.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
授权机制不正确
Vulnerability Title
Open WebUI 授权问题漏洞
Vulnerability Description
Open WebUI是Open WebUI团队开源的一个可扩展、功能丰富、用户友好的自托管 WebUI。 Open WebUI 0.9.6之前版本存在授权问题漏洞,该漏洞源于Ollama代理路由对url_idx路径参数直接索引访问,访问控制仅验证用户是否能使用请求的模型而未验证后端路由,导致任何认证用户可以通过附加任意url_idx强制请求到达未授权的Ollama后端。
CVSS Information
N/A
Vulnerability Type
N/A