Open WebUI System Prompt Leakage Vulnerability for Regular Users

A vulnerability in Open WebUI prior to version 0.8.9 allows regular users (non-admin) to access sensitive system prompts of AI models. When a non-admin user logs in, the application automatically sends a request to the models API. The response includes system prompts for all available models, as set by the admin, thereby compromising application confidentiality.

Impact

This vulnerability allows non-admin users to view system prompts, which can include model instructions and capabilities. Such exposure could enable content manipulation, affecting how the model processes inputs and outputs.

Reproduction

To reproduce this vulnerability, log into the Open WebUI application as a regular user (non-admin). Once logged in, the application will generate a request to the models API. The response to this request will include the system prompts for all models, revealing sensitive information that should not be accessible to non-admin users.

Remediation

Users can update to Open WebUI version 0.8.9 or later, where this vulnerability has been fixed.