CVE-2024-7045
📋 TL;DR
This vulnerability in open-webui v0.3.8 allows attackers to bypass access controls and view all prompts created by administrators. Attackers can retrieve prompt IDs via the /api/v1/prompts/ endpoint and then access detailed prompt information via /api/v1/prompts/command/{command_id}. Anyone running the vulnerable version is affected.
💻 Affected Systems
- open-webui/open-webui
📦 What is this software?
Open Webui by Openwebui
⚠️ Risk & Real-World Impact
Worst Case
Complete exposure of all administrative prompts including potentially sensitive configuration data, command templates, or proprietary workflow information.
Likely Case
Unauthorized access to prompt libraries revealing operational procedures, system configurations, or proprietary business logic.
If Mitigated
Minimal impact with proper authentication and authorization controls preventing unauthorized API access.
🎯 Exploit Status
Simple HTTP requests to the vulnerable endpoints are sufficient for exploitation. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v0.3.9 or later
Vendor Advisory: https://huntr.com/bounties/03ea0826-af7b-4717-b63e-90fd19675ab2
Restart Required: Yes
Instructions:
1. Update open-webui to version v0.3.9 or later.
2. Restart the application.
3. Verify the fix by testing API access controls.
🔧 Temporary Workarounds
API Endpoint Restriction
Block or restrict access to the vulnerable API endpoints using web server or firewall rules.
# Example nginx location block
location /api/v1/prompts/ {
    deny all;
}
Authentication Enforcement
Implement authentication middleware for all API endpoints.
# Application-level authentication check
if (!isAuthenticated(request)) {
    return 401;
}
🧯 If You Can't Patch
- Implement network segmentation to isolate the open-webui instance from untrusted networks.
- Deploy a web application firewall (WAF) with rules to detect and block unauthorized API access patterns.
🔍 How to Verify
Check if Vulnerable:
Attempt to access http://[your-instance]/api/v1/prompts/ without authentication. If you receive prompt data, the system is vulnerable.
Check Version:
Check the application version in the web interface or configuration files. For Docker: docker inspect [container] | grep version
Verify Fix Applied:
After patching, attempt the same unauthenticated API access. You should receive a 401/403 error or no data.
📡 Detection & Monitoring
Log Indicators:
- Unauthenticated requests to /api/v1/prompts/ endpoints
- Multiple 200 OK responses to prompt API from single IP
Network Indicators:
- Unusual volume of GET requests to prompt endpoints
- API calls without authentication headers
SIEM Query:
source="web_logs" AND (uri_path="/api/v1/prompts/" OR uri_path="/api/v1/prompts/command/*") AND http_status=200 AND NOT auth_token=*
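
The SIEM query and the "multiple 200 OK responses from a single IP" indicator above can also be run offline against exported logs. The following is an added example, not code from open-webui or from this advisory; it assumes JSON-lines access logs that use the query's field names (uri_path, http_status, auth_token) plus an assumed src_ip field and an assumed alert threshold of 3.

```python
import json
from collections import Counter

# Constructed sample records (not real traffic). uri_path, http_status and
# auth_token follow the SIEM query; src_ip and the command names are assumed.
SAMPLE_LOG = """\
{"src_ip": "203.0.113.7", "uri_path": "/api/v1/prompts/", "http_status": 200}
{"src_ip": "203.0.113.7", "uri_path": "/api/v1/prompts/command/deploy", "http_status": 200, "auth_token": ""}
{"src_ip": "203.0.113.7", "uri_path": "/api/v1/prompts/command/backup", "http_status": 200}
{"src_ip": "198.51.100.4", "uri_path": "/api/v1/prompts/", "http_status": 200, "auth_token": "present"}
{"src_ip": "198.51.100.9", "uri_path": "/api/v1/prompts/", "http_status": 401}
{"src_ip": "198.51.100.9", "uri_path": "/api/v1/promptsX", "http_status": 200}
not-json garbage line
"""

LIST_PATH = "/api/v1/prompts/"
COMMAND_PREFIX = "/api/v1/prompts/command/"

def is_prompt_endpoint(path):
    # Match the list endpoint exactly, or any non-empty command id under the prefix.
    path = path.split("?", 1)[0]
    return path == LIST_PATH or (
        path.startswith(COMMAND_PREFIX) and len(path) > len(COMMAND_PREFIX))

def find_unauthenticated_hits(log_text):
    # Equivalent of the SIEM query: prompt endpoint, status 200, no auth token.
    hits = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(rec, dict):
            continue
        if (is_prompt_endpoint(str(rec.get("uri_path", "")))
                and str(rec.get("http_status")) == "200"
                and not rec.get("auth_token")):  # missing or empty token
            hits.append(rec)
    return hits

def noisy_sources(hits, threshold=3):
    # Source IPs with at least `threshold` unauthenticated successful reads.
    counts = Counter(rec.get("src_ip", "unknown") for rec in hits)
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    hits = find_unauthenticated_hits(SAMPLE_LOG)
    for ip, n in noisy_sources(hits).items():
        print(f"ALERT {ip}: {n} unauthenticated 200 responses from prompt endpoints")
```

Standard access logs rarely record whether an Authorization header was present, so the auth_token field usually has to be added to the log format before this check or the SIEM query can work.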