Lucene search

GitHub_MCVELIST:CVE-2024-31462

HistoryApr 12, 2024 - 9:41 p.m.

CVE-2024-31462 Limited file write in Stable-diffusion-webui - GHSL-2024-010

2024-04-1221:41:46

CWE-22

GitHub_M

www.cve.org

stable-diffusion-webui

limited file write

windows systems

ghsl-2024-010

cve-2024-31462

json files

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.2%

JSON

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access.

CNA Affected

[
  {
    "vendor": "AUTOMATIC1111",
    "product": "stable-diffusion-webui",
    "versions": [
      {
        "version": "<= 1.8.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59

github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660

github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65

github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653

github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67

github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py

github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43

github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461

securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui

securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/