Submission #778266: Weights and Biases OpenUI <= 1.0 (commit f9d8f0e) Generation of Error Message Containing Sensitive Information (CWE-209) Info

Title: Weights and Biases OpenUI <= 1.0 (commit f9d8f0e) Generation of Error Message Containing Sensitive Information (CWE-209)
Description:

# Technical Details

A verbose error message information leak vulnerability exists in the global exception handler in `backend/openui/server.py` of Weights and Biases OpenUI. The generic_exception_handler at line 265 returns raw Python exception strings directly to clients in JSON error responses via f"Internal Server Error: {exc}". When an upstream LLM provider rejects a configured API key, the full error body (including the key value) is relayed back to the user via the APIStatusError handler at lines 209-215. In local/Docker mode, authentication is automatic, making this exploitable by any network-adjacent attacker.

# Vulnerable Code

File: backend/openui/server.py (lines 265-278, 209-215, 355-358)
Method: generic_exception_handler(), chat_completions error handling, OAuth callback
Why: Raw exception objects are formatted into HTTP responses using f-strings. APIStatusError.message, which may contain upstream API key information, is forwarded verbatim. The OAuth callback sets the raw str(e) as a browser cookie.

# Reproduction

1. Start OpenUI via Docker. Get the auto-issued session: curl -s -c /tmp/cookies.txt http://localhost:7878/v1/session
2. Trigger an internal error: POST /v1/chat/completions with {"messages":[...]} (omitting "model"), which leaks Python internals.
3. Trigger the API key leak: POST /v1/chat/completions with {"model":"gpt-3.5-turbo",...} when the upstream key is invalid; the response includes the API key.

# Impact

- Upstream LLM API key exposure (OpenAI, Groq, custom providers).
- Internal server structure reconnaissance (filesystem paths, package versions).
- Credential exposure enabling further attacks.
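The CWE-209 pattern described above, beside a hardened handler, as an added example that is not OpenUI's own code: `UpstreamStatusError` is a constructed stand-in for an SDK error such as APIStatusError whose message echoes the rejected key, and the handler names are assumptions. The safe variant returns only a fixed message and an opaque reference, and keeps the upstream message out of the log line as well, since that message may carry the credential.

```python
import logging
import uuid

log = logging.getLogger("openui.errors")


class UpstreamStatusError(Exception):
    """Constructed stand-in for an SDK error (e.g. APIStatusError) whose
    message may echo the rejected credential. Not OpenUI's own class."""

    def __init__(self, status_code: int, message: str):
        super().__init__(message)
        self.status_code = status_code
        self.message = message


def vulnerable_error_body(exc: Exception) -> dict:
    """The CWE-209 pattern: raw exception text is relayed to the client."""
    return {"error": f"Internal Server Error: {exc}"}


def safe_error_body(exc: Exception) -> dict:
    """Hardened handler: a fixed, non-sensitive message plus an opaque
    reference the client can quote; detail stays in server-side logs."""
    ref = uuid.uuid4().hex[:12]
    if isinstance(exc, UpstreamStatusError):
        # Log only the status; exc.message may contain the API key, so it is
        # deliberately kept out of both the response and the log line.
        log.error("upstream provider error ref=%s status=%s", ref, exc.status_code)
        return {"error": "Upstream provider request failed",
                "status": exc.status_code, "ref": ref}
    # Generic failures: traceback goes to the log, only the ref to the client.
    log.error("unhandled %s ref=%s", type(exc).__name__, ref, exc_info=exc)
    return {"error": "Internal Server Error", "ref": ref}


def leaks_secret(body: dict, secret: str) -> bool:
    """Regression check: does any value in the response body contain the secret?"""
    return any(secret in str(v) for v in body.values())


if __name__ == "__main__":
    # Constructed sample: an upstream 401 whose message echoes the key.
    key = "sk-CONSTRUCTED-EXAMPLE-KEY"
    exc = UpstreamStatusError(401, f"Incorrect API key provided: {key}")
    print(leaks_secret(vulnerable_error_body(exc), key))  # True
    print(leaks_secret(safe_error_body(exc), key))        # False
    # Missing "model" key case from the reproduction steps:
    print(vulnerable_error_body(KeyError("model")))       # exposes 'model'
```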
Source: ⚠️ https://gist.github.com/YLChen-007/8c6ff147186855e4b716e7526de213e1
User: Eric-b (UID 96354)
Submitted: 2026-03-12 02:49 AM (18 days ago)
Moderation: 2026-03-27 02:48 PM (15 days later)
Status: Accepted
VulDB Entry: 353881 [wandb OpenUI up to 1.0/3.5-turb APIStatusError backend/openui/server.py generic_exception_handler key information disclosure]
Points: 20