From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Affected Software:
- Software: Open WebUI
- Affected Version: 0.1.105

2. Vulnerability Description:
- Vulnerability Type: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- Description: Attackers can exploit a path traversal vulnerability to upload files to any location on the web server.

3. Technical Description:
- Attack Method: Files uploaded through Open WebUI's HTTP interface are written to the static upload directory; the path traversal vulnerability lets an attacker place them outside it.
- Filename: The filename is taken from the original HTTP upload request and is neither validated nor sanitized.
- File Path: The file path can contain dot segments ("..") which allow traversal into unauthorized directories.
- File Content: The file content is not validated, enabling attackers to execute malicious code.

4. Mitigation:
- Fixed Version: Open WebUI v0.1.117
- Fix Date: April 3, 2024

5. Discoverers:
- Discoverers: Jaggar Henry and Sean Segreti

6. Disclosure Timeline:
- March 5, 2024: KoreLogic requested a security contact channel and contacted OpenWebUI.com.
- March 12, 2024: KoreLogic submitted vulnerability details and a proposed patch to the maintainers.
- April 1, 2024: KoreLogic initiated a discussion on GitHub, requesting an update from the maintainers.
- April 1, 2024: The maintainers created a private branch and merged KoreLogic's patch.
- April 3, 2024: The maintainers released version v0.1.117.
- August 7, 2024: KoreLogic publicly disclosed the vulnerability.

7. PoC:
- PoC Command: A cURL command is used to run the PoC and verify whether the file lands in the intended location.

This information provides a detailed description of the Open WebUI vulnerability, including technical details, mitigation steps, and the disclosure process.
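The root cause described above (a client-supplied filename used to build a path under the upload directory without validation) is the classic CWE-22 pattern, and the fix is to treat the filename as untrusted input. The following is an added, illustrative example written for this summary; it is not Open WebUI's code or KoreLogic's patch, and the upload directory name `uploads` and the sample filenames are constructed. It shows two layers a defender would want: a strict check that the filename is a single path component with no dot segments, and a resolved-path containment check as defence in depth.

```python
from pathlib import Path
from typing import Optional


def is_safe_filename(name: str) -> bool:
    """Accept only a single, plain path component supplied by the client.

    Rejects empty names, embedded NUL bytes, any path separator (so the value
    cannot contain "../" or "..\\" sequences at all), and the bare dot segments
    "." and "..". Rejecting is preferable to silently stripping, because a
    stripped name hides the fact that someone sent a traversal attempt.
    """
    if not name or "\x00" in name:
        return False
    if "/" in name or "\\" in name:
        return False
    if name in (".", ".."):
        return False
    return True


def resolve_upload_target(upload_dir: str, client_filename: str) -> Optional[Path]:
    """Return the on-disk path for an upload, or None if it must be refused.

    Even after the filename check, the final location is resolved and compared
    against the resolved upload root, so symlinks or a future change to the
    filename check cannot let a write escape the directory.
    """
    if not is_safe_filename(client_filename):
        return None
    root = Path(upload_dir).resolve()          # canonical upload directory
    candidate = (root / client_filename).resolve()
    if candidate.parent != root:               # must sit directly inside root
        return None
    return candidate


def classify_uploads(upload_dir: str, filenames: list[str]) -> dict[str, bool]:
    """Map each constructed sample filename to whether it would be accepted."""
    return {f: resolve_upload_target(upload_dir, f) is not None for f in filenames}


if __name__ == "__main__":
    # Constructed sample filenames as they might arrive in a multipart upload.
    samples = [
        "report.pdf",
        "../../../tmp/evil.sh",
        "..\\..\\evil.sh",
        "..",
        "static/other.txt",
        "note\x00.txt",
    ]
    for name, ok in classify_uploads("uploads", samples).items():
        print(f"{'ACCEPT' if ok else 'REJECT'}  {name!r}")
```

Note that the containment check compares `candidate.parent` with the resolved root rather than using a string prefix test; a prefix test would wrongly accept a sibling directory such as `uploads_backup`.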