VYPR
Moderate severity · NVD Advisory · Published Mar 20, 2025 · Updated Oct 15, 2025

Improper Access Control in open-webui/open-webui

CVE-2024-7045

Description

In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts/ interface to retrieve all prompt information created by the admin, which includes the ID values. Subsequently, the attacker can exploit the /api/v1/prompts/command/{command_id} interface to obtain arbitrary prompt information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Open WebUI v0.3.8 fails to enforce admin-only access on the /api/v1/prompts/ endpoint, allowing any unauthenticated attacker to read all system prompts.

Vulnerability

Overview

CVE-2024-7045 is an improper access control vulnerability in Open WebUI version 0.3.8, a self-hosted AI interface platform [1]. The application fails to verify whether the requester is an administrator when accessing the /api/v1/prompts/ endpoint. This allows an attacker to directly call that interface and retrieve all prompt information created by the admin, including the unique ID values for each prompt [2].

Exploitation

Requirements

The attack requires no authentication or special privileges. An attacker simply sends an HTTP request to the /api/v1/prompts/ endpoint. Once the IDs are obtained, the attacker can then call /api/v1/prompts/command/{command_id} for any discovered ID, retrieving the full content of arbitrary prompts [2]. No network position beyond standard HTTP access to the Open WebUI instance is needed.

Impact

Successful exploitation results in complete disclosure of all prompts created by the administrator. Depending on the content of those prompts, this could expose sensitive system instructions, application logic, internal data, or user information managed by the platform [2]. The attacker does not need to be an authenticated user to achieve this.

Mitigation

As of the latest references, Open WebUI v0.3.8 is the affected version [1][2]. Users should upgrade to a patched version as soon as one becomes available. The advisory from the Huntr bounty platform indicates that this vulnerability was reported and tracked, but no patch version is explicitly mentioned in the provided references [3].
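As an added illustration of the missing check (constructed for this page, not Open WebUI's own code), the stdlib-only model below puts the flawed listing handler beside hardened handlers that gate both endpoints behind an admin-role dependency. The User and Prompt types, the role names and the sample prompts are assumptions for the example.

```python
"""Minimal model of the authorization gap behind CVE-2024-7045 (hypothetical code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class User:
    id: str
    role: str  # constructed roles: "admin" or "user"; None below means no session


@dataclass
class Prompt:
    command: str  # the prompt's identifier, as used in /prompts/command/{command_id}
    content: str
    user_id: str  # creator


class Forbidden(Exception):
    """A web framework would turn this into an HTTP 401/403 response."""


# Constructed sample data: prompts an administrator created through the UI.
PROMPTS: Dict[str, Prompt] = {
    "summarize": Prompt("summarize", "Summarize tickets; internal routing notes ...", "admin-1"),
    "triage": Prompt("triage", "Classify incidents using the internal rubric ...", "admin-1"),
}


def require_admin(user: Optional[User]) -> User:
    """Authorization dependency every admin-only route must evaluate before returning data."""
    if user is None or user.role != "admin":
        raise Forbidden("admin role required")
    return user


def _serialize(p: Prompt) -> Dict[str, str]:
    return {"command": p.command, "content": p.content, "user_id": p.user_id}


def list_prompts_vulnerable(user: Optional[User]) -> List[Dict[str, str]]:
    """Mirrors the flaw: the caller's role is never checked, so anyone gets every prompt and ID."""
    return [_serialize(p) for p in PROMPTS.values()]


def list_prompts_hardened(user: Optional[User]) -> List[Dict[str, str]]:
    """Fixed listing: the role check runs before any prompt (or its ID) is exposed."""
    require_admin(user)
    return [_serialize(p) for p in PROMPTS.values()]


def get_prompt_hardened(user: Optional[User], command_id: str) -> Optional[Dict[str, str]]:
    """Fixed lookup: knowing an ID (e.g. leaked earlier) must not be enough to fetch the prompt."""
    require_admin(user)
    p = PROMPTS.get(command_id)
    return None if p is None else _serialize(p)
```

The second hardened handler matters as much as the first: once IDs have leaked, an unguarded per-ID lookup still discloses every prompt.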

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: open-webui (PyPI)
Affected versions: <= 0.3.8
Patched versions: none listed


Patches

No patches discovered yet.
