Files
open-webui/backend/open_webui
Classic298 b7626f05fb Authorize KB write access before auto-linking an uploaded file (CWE-862/863) (#26001)
process_uploaded_file auto-links an uploaded file to the knowledge base named in
client-supplied metadata.knowledge_id, but it called Knowledges.add_file_to_knowledge_by_id
directly with no authorization, while the dedicated POST /knowledge/{id}/file/add endpoint
gates the same operation on owner / admin / write grant. A read-only collaborator (or any
verified user who knows the KB id) could therefore attach arbitrary files to a knowledge base
they cannot write: the KnowledgeFile membership row was committed, and the later vector-index
write check failed closed but left the row in place.

Gate the auto-link on the same owner/admin/write check before inserting the membership row;
otherwise skip the link and log. The file still uploads as the user's own file, it just is
not linked to a KB they cannot write.

Co-authored-by: jagstack <52110932+jagstack@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-16 22:56:24 +02:00
..
2026-06-01 13:56:55 -07:00
2026-06-01 13:56:55 -07:00
2026-06-15 23:34:24 +02:00
2026-06-01 13:56:55 -07:00
2026-06-01 14:10:40 -07:00
2026-06-01 13:56:55 -07:00
2026-05-09 02:38:08 +09:00
2026-06-15 23:31:59 +02:00
2026-06-01 14:13:28 -07:00
2026-06-05 16:58:16 -04:00