[GH-ISSUE #8809] Authorization Bypass in Tool Valves Update Endpoint #53938

New Issue

Closed

opened 2026-05-05 15:35:34 -05:00 by GiteaMirror · 1 comment

GiteaMirror commented 2026-05-05 15:35:34 -05:00

Owner

Copy Link

Originally created by @antpyykk-kone on GitHub (Jan 23, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/8809

Installed latest release as of writing (0.5.6) via docker via WSL2.

Environment

• Open WebUI Version: 0.5.6
• Operating System: Windows 11 (WSL2 - Ubuntu 22.04)

Confirmation:

• I have read and followed all the instructions provided in the README.md.
• I am on the latest version of both Open WebUI and Ollama.
• I have included the browser console logs.
• I have included the Docker container logs.
• I have provided the exact steps to reproduce the bug in the "Steps to Reproduce" section below.

POST /tools/id/{id}/valves/update method

Expected Behavior:

• Normal users are not able to update tool valves (per OUI docs - only admins can do this)

Actual Behavior:

• Any verified user can call the update_tools_valves_by_id & update the system wide tools valves

Description

Bug Summary:

Authorization bypass exists where any verified user is able to update the system-wide tool valves via update_tools_valves_by_id method.

Only admins should be able to update system wide valves.

Reproduction Details

1. Two users exist in the system - one with admin role & one with user
2. A tool with a valve has been added by the admin
3. User has access to the tool or has knowledge of its unique ID
4. User makes a POST call to /tools/id/{id}/valves/update. The body containing updated valve values
5. The update succeeds & the tool's valves updated

Logs and Screenshots

N/A

Additional Information

Originally created by @antpyykk-kone on GitHub (Jan 23, 2025). Original GitHub issue: https://github.com/open-webui/open-webui/issues/8809 Installed latest release as of writing (0.5.6) via docker via WSL2. ## Environment - **Open WebUI Version:** 0.5.6 - **Operating System:** Windows 11 (WSL2 - Ubuntu 22.04) **Confirmation:** - [x] I have read and followed all the instructions provided in the README.md. - [x] I am on the latest version of both Open WebUI and Ollama. - [ ] I have included the browser console logs. - [ ] I have included the Docker container logs. - [x] I have provided the exact steps to reproduce the bug in the "Steps to Reproduce" section below. `POST /tools/id/{id}/valves/update` method ## Expected Behavior: - Normal users are not able to update tool valves ([per OUI docs - only admins can do this](https://docs.openwebui.com/features/plugin/tools/#valves-and-uservalves---optional-but-highly-encouraged)) ## Actual Behavior: - Any verified user can call the [update_tools_valves_by_id](https://github.com/open-webui/open-webui/blob/4a2792b4dacaac7457fca2c736bc74b44a236771/backend/open_webui/routers/tools.py#L302-L335) & update the system wide tools valves ## Description **Bug Summary:** Authorization bypass exists where any verified user is able to update the system-wide tool valves via [update_tools_valves_by_id](https://github.com/open-webui/open-webui/blob/4a2792b4dacaac7457fca2c736bc74b44a236771/backend/open_webui/routers/tools.py#L302-L335) method. [Only admins should be able to update system wide valves.]((https://docs.openwebui.com/features/plugin/tools/#valves-and-uservalves---optional-but-highly-encouraged)) ## Reproduction Details 1. Two users exist in the system - one with admin role & one with user 2. A tool with a valve has been added by the admin 3. User has access to the tool or has knowledge of its unique ID 4. User makes a POST call to `/tools/id/{id}/valves/update`. The body containing updated valve values 5. The update succeeds & the tool's valves updated ## Logs and Screenshots N/A ## Additional Information

GiteaMirror closed this issue 2026-05-05 15:35:35 -05:00

GiteaMirror commented 2026-05-05 15:35:38 -05:00

Author

Owner

Copy Link

@tjbck commented on GitHub (Jan 23, 2025):

Addressed with 8fc5532e2f

<!-- gh-comment-id:2610665692 --> @tjbck commented on GitHub (Jan 23, 2025): Addressed with 8fc5532e2fb70ee5b82aeb286cdde0995c9c8657

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

v0.9.2

v0.9.1

v0.9.0

v0.8.12

v0.8.11

v0.8.10

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.43

v0.6.42

v0.6.41

v0.6.40

v0.6.39

v0.6.38

v0.6.37

v0.6.36

v0.6.35

v0.6.34

v0.6.33

v0.6.32

v0.6.31

v0.6.30

v0.6.29

v0.6.28

v0.6.27

v0.6.26

v0.6.25

v0.6.24

v0.6.23

v0.6.22

v0.6.21

v0.6.20

v0.6.19

v0.6.18

v0.6.17

v0.6.16

v0.6.15

v0.6.14

v0.6.13

v0.6.12

v0.6.11

v0.6.10

v0.6.9

v0.6.8

v0.6.7

v0.6.6

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.20

v0.5.19

v0.5.18

v0.5.17

v0.5.16

v0.5.15

v0.5.14

v0.5.13

v0.5.12

v0.5.11

v0.5.10

v0.5.9

v0.5.8

v0.5.7

v0.5.6

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.35

v0.3.34

v0.3.33

v0.3.32

v0.3.31

v0.3.30

v0.3.29

v0.3.28

v0.3.27

v0.3.26

v0.3.25

v0.3.24

v0.3.23

v0.3.22

v0.3.21

v0.3.20

v0.3.19

v0.3.18

v0.3.17

v0.3.16

v0.3.15

v0.3.14

v0.3.13

v0.3.12

v0.3.11

v0.3.10

v0.3.9

v0.3.8

v0.3.7

v0.3.6

v0.3.5

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.125

v0.1.124

v0.1.123

v0.1.122

v0.1.121

v0.1.120

v0.1.119

v0.1.118

v0.1.117

v0.1.116

v0.1.115

v0.1.114

v0.1.113

v0.1.112

v0.1.111

v0.1.110

v0.1.109

v0.1.108

v0.1.107

v0.1.106

v0.1.105

v0.1.104

v0.1.103

v0.1.102

Labels

Clear labels

bug

confirmed

confirmed issue

core

documentation

enhancement

good first issue

help wanted

non-core

pull-request

Mirrored from GitHub Pull Request

python

question

testing wanted

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#53938