CVE-2024-1183

Published: Apr 16, 2024

Modified: Aug 1, 2024

PUBLISHED

CVSS v3.0

6.5

MEDIUM

Description

An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.

Vendor	Product	Versions
gradio-app	gradio-app/gradio	affected `unspecified - < 4.11`

Weaknesses (CWE)

CWE-601

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

References

https://huntr.com/bounties/103434f9-87d2-42ea-9907-194a3c25007c

https://github.com/gradio-app/gradio/commit/2ad3d9e7ec6c8eeea59774265b44f11df7394bb4

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-1183

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References