CVE-2024-7045 identifies an improper authorization vulnerability (CWE-862) in the open-webui project, specifically in version v0.3.8. The vulnerability allows an attacker with limited privileges to bypass administrative access controls and retrieve all prompt information created by administrators via the /api/v1/prompts/ endpoint. The application fails to verify the attacker's administrative status before returning prompt data, exposing sensitive prompt IDs and content. Furthermore, the attacker can leverage the /api/v1/prompts/command/{command_id} endpoint to access arbitrary prompt details by specifying command IDs obtained from the initial endpoint. This flaw does not require user interaction but does require the attacker to have some level of privileges (PR:L), indicating that the attacker must be authenticated but not necessarily an administrator. The vulnerability impacts confidentiality by exposing sensitive prompt data but does not affect integrity or availability. The CVSS 3.0 score of 4.3 (medium severity) reflects the network attack vector, low attack complexity, and limited confidentiality impact without integrity or availability consequences. No patches or known exploits are currently reported, but the vulnerability poses a risk to organizations relying on open-webui for AI or automation workflows, especially if prompt data contains sensitive or proprietary information.

For European organizations, the primary impact is unauthorized disclosure of sensitive prompt data, which could include proprietary commands, configurations, or intellectual property embedded in prompts. This exposure could facilitate further attacks, social engineering, or leakage of confidential business logic. While the vulnerability does not allow modification or disruption of services, the confidentiality breach could undermine trust and compliance with data protection regulations such as GDPR if sensitive personal or business data is involved. Organizations using open-webui in development, research, or production environments may face risks of internal data leakage or competitive disadvantage. The medium severity rating suggests the impact is moderate but should not be ignored, especially in sectors handling sensitive AI workflows or intellectual property.

Organizations should immediately audit their deployments of open-webui to determine if version v0.3.8 or other vulnerable versions are in use. Until an official patch is released, administrators should implement strict network-level access controls to restrict access to the /api/v1/prompts/ and related endpoints only to trusted administrative users. Employing API gateways or web application firewalls (WAFs) to enforce authentication and authorization policies can mitigate unauthorized access. Review and harden authentication mechanisms to ensure that only authorized administrators can access sensitive APIs. Additionally, monitor logs for unusual access patterns to these endpoints to detect potential exploitation attempts. If possible, isolate open-webui instances in segmented network zones to limit exposure. Finally, track vendor advisories for patches or updates addressing this vulnerability and apply them promptly once available.