Weights and Biases OpenUI Information Exposure Vulnerability in APIStatusError Handler

Vulnerability

A vulnerability in Weights and Biases OpenUI versions through 1.0/3.5-turb allows for information exposure via the APIStatusError handler. The issue arises in the generic_exception_handler function within backend/openui/server.py, where raw Python exception messages are sent to the client in JSON format. This vulnerability requires access to the local network and can be exploited by authenticated users, as session cookies are automatically issued in the default Docker deployment.

Impact

Exploitation of this vulnerability leads to the unauthorized disclosure of internal server details, including Python exception messages, filesystem paths, and database schema information. Additionally, it allows for the exposure of API keys from upstream LLM providers, such as OpenAI or Groq, when their associated keys are misconfigured.
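The two failure shapes described above (a raw exception message forwarded as the JSON error body, and an upstream provider's error text carrying a key-like token through that same path) can be illustrated side by side. The following is an added example, not OpenUI's own code: the `APIStatusError` stand-in, the `SENSITIVE_PATTERNS` list, the `_sample_upstream` failure and the key value in it are all constructed for illustration, and the framework's exception-handler registration is omitted. The hardened handler keeps the detail in the server log under a correlation id and returns only a fixed message; the request handler also rejects a missing `model` field before anything reaches the upstream call.

```python
import logging
import re
import uuid

log = logging.getLogger("exception-handler-example")


# Stand-in for an upstream SDK error (hypothetical; a real provider client
# defines its own class with the same general shape).
class APIStatusError(Exception):
    def __init__(self, status_code: int, message: str):
        super().__init__(message)
        self.status_code = status_code


# Patterns that should never appear in a client-facing error body:
# tracebacks, absolute server paths, and key-like or bearer tokens.
SENSITIVE_PATTERNS = [
    re.compile(r"Traceback \(most recent call last\)"),
    re.compile(r"(?<![\w/])/(?:app|home|usr|var|opt)/[\w./-]+"),
    re.compile(r"\b(?:sk|gsk)[_-][A-Za-z0-9_-]{8,}"),
    re.compile(r"\bBearer\s+[A-Za-z0-9._-]{8,}"),
]


def looks_sensitive(text: str) -> bool:
    """True if the text matches anything we refuse to send to a client."""
    return any(p.search(text) for p in SENSITIVE_PATTERNS)


def leaky_exception_handler(exc: Exception):
    """The vulnerable shape: the raw exception text becomes the JSON body."""
    return 500, {"error": str(exc)}


def hardened_exception_handler(exc: Exception):
    """Log the detail server-side under a correlation id; return a fixed message.

    An upstream provider failure is reported as 502 so the client learns that
    the dependency failed without seeing what the provider said.
    """
    ref = uuid.uuid4().hex
    log.error("unhandled exception ref=%s type=%s detail=%s",
              ref, type(exc).__name__, exc)
    status = 502 if isinstance(exc, APIStatusError) else 500
    return status, {"error": "internal server error", "ref": ref}


def handle_chat_completion(body: dict, call_upstream):
    """Validate the request before it reaches the upstream call, and never let
    an upstream failure reach the client as raw text."""
    if not isinstance(body.get("model"), str) or not body["model"]:
        return 400, {"error": "field 'model' is required"}
    try:
        return 200, call_upstream(body)
    except Exception as exc:
        return hardened_exception_handler(exc)


def _sample_upstream(body: dict):
    # Constructed failure: an upstream error echoing a placeholder key and a
    # server path. The key value is made up, not a real credential.
    raise APIStatusError(
        401,
        "Incorrect API key provided: sk-EXAMPLEPLACEHOLDER0000 "
        "(raised in /app/backend/openui/server.py)",
    )
```

`looks_sensitive` doubles as a cheap regression check for a test suite: run it over every error body an endpoint can produce and fail the build if any matches, which catches a future handler that reintroduces `str(exc)` into the response.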

Reproduction

To reproduce this vulnerability, first deploy an instance of OpenUI using Docker with the default settings. This will automatically create a session cookie. Then, send a POST request to the '/v1/chat/completions' endpoint, omitting the 'model' field. This will trigger an internal error, which will be returned in the response, including sensitive server information. Alternatively, the vulnerability can be reproduced by including a 'model' field with a value that prompts the server to relay an error message containing an upstream API key.

Added: Mar 28, 2026, 10:21 AM
Updated: Mar 28, 2026, 10:21 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 4.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.