Open WebUI, Authorization Bypass, No CVE – Medium


How the mentioned CVE works:

The vulnerability resides in the Socket.IO collaborative document editing handler (backend/open_webui/socket/main.py, lines 667-721). The `ydoc:document:update` event handler checks only whether the sender is a member of the document’s Socket.IO room (line 678) – it does not verify write permissions. In contrast, the `ydoc:document:join` handler (line 520) correctly checks `read` permission before adding a user to the room. Consequently, a read‑only user can join the document room legitimately, but once inside, they can emit a crafted `ydoc:document:update` event. The server applies the malicious Yjs update to the in‑memory document state and broadcasts it to all collaborators in real time. Although the `document_save_handler` (line 600) correctly enforces write permission before persisting to the database, the tampered content remains visible to everyone. If any write‑access user (e.g., the document owner) saves the document – whether manually or via autosave – the injected content becomes permanently stored. The attack requires only a valid account with read access to a shared note; no further privileges or user interaction is needed for the real‑time manipulation. The CVSS v3.1 score reflects Low attack complexity, Low privileges required, and impacts on Integrity and Availability (both Low) because persistence is indirect. The core flaw is the missing write‑authorization check in the real‑time update path, breaking the intended read/write permission model.
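The permission gap described above, modelled as an added Python example (not Open WebUI's own code): a constructed ACL, the join, update and save paths, and the vulnerable membership-only update check beside a hardened form that also requires write permission. All names and the `ACL` table are assumptions for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set
# Constructed permission model (not Open WebUI's real ACL): document -> {user: "read" | "write"}.
ACL: Dict[str, Dict[str, str]] = {"victim_note": {"owner": "write", "viewer": "read"}}

@dataclass
class RoomState:
    members: Dict[str, Set[str]] = field(default_factory=dict)   # doc -> users in the room
    content: Dict[str, List[str]] = field(default_factory=dict)  # doc -> in-memory updates
    saved: Dict[str, List[str]] = field(default_factory=dict)    # doc -> persisted updates

def has_permission(doc: str, user: str, needed: str) -> bool:
    level = ACL.get(doc, {}).get(user)
    return level == "write" or (level == "read" and needed == "read")

def document_join(state, doc, user):
    """Like the join handler: read permission is required before entering the room."""
    if not has_permission(doc, user, "read"):
        return False
    state.members.setdefault(doc, set()).add(user)
    return True

def document_update_vulnerable(state, doc, user, update):
    """Only room membership is checked, so a read-only member can mutate shared state."""
    if user not in state.members.get(doc, set()):
        return False
    state.content.setdefault(doc, []).append(update)  # applied and broadcast to everyone
    return True

def document_update_fixed(state, doc, user, update):
    """Hardened form: membership and write permission on every real-time mutation."""
    if user not in state.members.get(doc, set()) or not has_permission(doc, user, "write"):
        return False
    state.content.setdefault(doc, []).append(update)
    return True

def document_save(state, doc, user):
    """Like the save handler: write permission is enforced, but whatever is in memory is persisted."""
    if not has_permission(doc, user, "write"):
        return False
    state.saved[doc] = list(state.content.get(doc, []))
    return True

def scenario(update_handler):
    """Read-only 'viewer' joins, pushes an update, then the owner's autosave runs."""
    state = RoomState()
    document_join(state, "victim_note", "viewer")
    accepted = update_handler(state, "victim_note", "viewer", "tampered-update")
    document_save(state, "victim_note", "owner")
    return accepted, state.saved.get("victim_note", [])
```

With the vulnerable handler the viewer's update is accepted and the owner's save persists it; with the fixed handler it is rejected and nothing tampered reaches storage.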

dailycve form:

Platform: Open WebUI
Version: main branch, all collaborative editing versions
Vulnerability: read‑only users modify documents
Severity: Medium
Date: 2025-01-15 (publication date assumed)

Prediction: Patch within 14 days

What Undercode Say:

# Check whether the update handler verifies only room membership and not write permission
grep -A 10 "def on_document_update" backend/open_webui/socket/main.py
# Simulate a read-only user joining the room and emitting an update
curl -X POST http://target/socket.io/ -H "Authorization: Bearer $READONLY_TOKEN" \
  --data '{"event":"ydoc:document:join","data":{"document_id":"victim_note"}}'
curl -X POST http://target/socket.io/ -H "Authorization: Bearer $READONLY_TOKEN" \
  --data '{"event":"ydoc:document:update","data":{"document_id":"victim_note","update":"<malicious_yjs_binary>"}}'

Exploit:

An attacker with read‑only access joins the target document room via `ydoc:document:join`, then sends a crafted `ydoc:document:update` event containing a Yjs binary patch that inserts arbitrary text or deletes content. The server applies and broadcasts the change instantly. No save by the attacker is needed – any write‑capable collaborator who later saves persists the tampered data.

Protection from this CVE:

  • Add write‑permission check inside `ydoc:document:update` handler before applying Yjs updates.
  • Validate user’s role (read vs. write) against document ACL for every real‑time mutation.
  • Implement server‑side rollback of unsaved in‑memory changes when a write‑privileged user leaves.

Impact:

Real‑time injection of malicious content into collaborative documents; permanent data corruption if a write‑enabled user saves; disruption of editing sessions; complete bypass of read/write permission model.

Sources:

Reported By: github.com
Extra Source Hub:
Undercode