Gradio < 4.18.0 Vulnerability - CVE-2024-2206

#%NASL_MIN_LEVEL 80900

##
# Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(213707);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/07/30");

  script_cve_id("CVE-2024-2206");

  script_name(english:"Gradio < 4.18.0 Vulnerability - CVE-2024-2206");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Gradio installed on the remote host is prior to 4.18.0. It is, therefore, affected by 
an SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in
the `/proxy` route. Attackers can exploit this vulnerability by manipulating the `self.replica_urls` set
through the `X-Direct-Url` header in requests to the `/` and `/config` routes, allowing the addition of
arbitrary URLs for proxying. This flaw enables unauthorized proxying of requests and potential access to
internal endpoints within the Hugging Face space. The issue arises from the application's inadequate checking
of safe URLs in the `build_proxy_request` function.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");
  # https://github.com/gradio-app/gradio/releases/tag/gradio%404.19.2
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5e786999");
  script_set_attribute(attribute:"see_also", value:"https://huntr.com/bounties/2286c1ed-b889-45d6-adda-7014ea06d98e");
  # https://github.com/gradio-app/gradio/commit/49d9c48537aa706bf72628e3640389470138bdc6
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?06ba0bef");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Gradio version 4.18.0 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-2206");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(918);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/03/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/01/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:gradio_project:gradio");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Artificial Intelligence");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("python_gradio_detect.nasl", "gradio_ui_detect.nasl");
  script_require_keys("installed_sw/Gradio");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::combined_get_app_info(app:'Gradio');
var constraints = [
    { 'min_version':'1.0', 'fixed_version':'4.18.0' },
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);