open-webui/open-webui
cpe:2.3:a:openwebui:open_webui:*:*:*:*:*:*:*
- v0.3.8
A vulnerability in Open WebUI version 0.3.8 allows attackers to bypass access controls and view prompts created by administrators. The application fails to verify user roles, enabling attackers to access the /api/v1/prompts/ endpoint and retrieve all prompt information, including ID values. This information can then be exploited using the /api/v1/prompts/command/{command_id} endpoint to obtain specific prompt details.
Exploitation of this vulnerability allows unauthorized users to access and view administrative prompts, potentially leading to the disclosure of sensitive information.
To reproduce this vulnerability, send a GET request to the /api/v1/prompts/ endpoint without proper authorization. The response will include all prompts created by the admin. After retrieving the prompt IDs, send a GET request to the /api/v1/prompts/command/{command_id} endpoint, replacing {command_id} with one of the retrieved prompt IDs, to access the specific prompt information.
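A log-based detection for this issue, added here as an example that is not part of this record and not Open WebUI's own code: it assumes a constructed access-log line format (client IP, user, role, request, status) in which the authenticated user's role has already been joined in, and flags non-admin principals that received 200 responses from the two endpoints named above.

```python
import re

# Constructed sample access log lines (not real Open WebUI output). Assumed format:
# <ip> <user> <role> "<METHOD> <path>" <status>
SAMPLE_LOG = """\
10.0.0.5 alice admin "GET /api/v1/prompts/" 200
10.0.0.9 bob user "GET /api/v1/prompts/" 200
10.0.0.9 bob user "GET /api/v1/prompts/command/summarize" 200
10.0.0.9 bob user "GET /api/v1/prompts/command/review" 200
10.0.0.7 carol user "GET /api/v1/chats/" 200
10.0.0.7 carol user "GET /api/v1/prompts/command/review" 403
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<user>\S+) (?P<role>\S+) '
    r'"(?P<method>\S+) (?P<path>\S+)" (?P<status>\d{3})$'
)
LIST_PATH = "/api/v1/prompts/"                      # lists all prompts, incl. IDs
DETAIL_RE = re.compile(r"^/api/v1/prompts/command/(?P<command_id>[^/?]+)$")


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_prompt_enumeration(log_text, admin_roles=("admin",)):
    """Return {user: {"listed": bool, "fetched": [command_id, ...]}} for every
    non-admin user who got a 200 from the prompt list or prompt detail endpoint.
    Only successful (200) responses count: a 403 means the role check worked."""
    findings = {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["status"] != 200 or rec["role"] in admin_roles:
            continue
        if rec["path"] == LIST_PATH:
            findings.setdefault(rec["user"], {"listed": False, "fetched": []})["listed"] = True
            continue
        m = DETAIL_RE.match(rec["path"])
        if m:
            entry = findings.setdefault(rec["user"], {"listed": False, "fetched": []})
            entry["fetched"].append(m.group("command_id"))
    return findings
```

A user with `listed` true followed by several `fetched` IDs is the pattern described in this record; a detail fetch without a prior listing is still worth a look, since the ID may have been obtained elsewhere.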