Moderate severityNVD Advisory· Published Mar 20, 2025· Updated Oct 15, 2025
Improper Access Control in open-webui/open-webui
CVE-2024-7045
Description
In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts/ interface to retrieve all prompt information created by the admin, which includes the ID values. Subsequently, the attacker can exploit the /api/v1/prompts/command/{command_id} interface to obtain arbitrary prompt information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
open-webuiPyPI | <= 0.3.8 | — |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.