Open WebUI Model Permission Misconfiguration Leading to System Prompt Leakage Vulnerability

Vulnerability

A vulnerability in Open WebUI versions prior to 0.9.5 allows users to unintentionally share confidential model system prompts. When a model is shared with a group for read access, other users in that group can access the model's system prompt, which may be considered private. This issue arises from an inconsistency in the permission handling within the application's model management system.

Impact

Exploitation of this vulnerability leads to unauthorized access to model system prompts, causing a confidentiality breach for users who consider this information private.

Reproduction

To reproduce this vulnerability, create a model and assign read permission to a group. Then request the model details through the API as a user from that group. The response reveals the system prompt even though the model is not listed in that user's workspace.

Remediation

Users can update to Open WebUI version 0.9.5 or later, where this vulnerability has been fixed.
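For triage before or after upgrading, the following added example (not part of the advisory and not Open WebUI code) lists the models whose system prompt should be treated as readable by group members on an affected install. The JSON field names (`params.system`, `access_control.read.group_ids`) and the sample records are assumptions constructed for illustration; adapt them to the export format of your deployment.

```python
import json
import re

FIXED_VERSION = (0, 9, 5)  # first fixed release named in the advisory

# Constructed sample export. The field names are assumptions for this example.
SAMPLE_MODELS = json.loads("""[
  {"id": "support-bot", "params": {"system": "Internal escalation rules"},
   "access_control": {"read": {"group_ids": ["g-support"]}}},
  {"id": "public-helper", "params": {},
   "access_control": {"read": {"group_ids": ["g-all"]}}},
  {"id": "private-notes", "params": {"system": "Personal drafting style"},
   "access_control": {"read": {"group_ids": []}}},
  {"id": "team-coder", "params": {"system": "Repo conventions"},
   "access_control": {"read": {"group_ids": ["g-qa", "g-dev"]}}}
]""")


def is_affected(version_text):
    """True when the version string is older than the fixed release."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version_text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version_text!r}")
    return tuple(int(p) for p in m.groups()) < FIXED_VERSION


def exposed_prompts(models):
    """List (model id, groups) where a non-empty system prompt has group read access."""
    findings = []
    for model in models:
        prompt = (model.get("params") or {}).get("system") or ""
        read = ((model.get("access_control") or {}).get("read")) or {}
        groups = read.get("group_ids") or []
        if prompt.strip() and groups:
            findings.append((model["id"], sorted(groups)))
    return findings


def audit(version_text, models):
    """Prompts to treat as disclosed to group members on an affected install."""
    return exposed_prompts(models) if is_affected(version_text) else []


if __name__ == "__main__":
    for model_id, groups in audit("0.9.4", SAMPLE_MODELS):
        print(f"{model_id}: system prompt readable by {', '.join(groups)}")
```

Models without a system prompt or without any group read grant are not reported, since the advisory describes exposure only through group read access.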

Added: May 15, 2026, 9:28 PM
Updated: May 15, 2026, 9:28 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.6
remediation: 7.7
relevance: 8.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.