Lucene search

[email protected]NVD:CVE-2023-47116

HistoryJan 31, 2024 - 5:15 p.m.

CVE-2023-47116

2024-01-3117:15:13

CWE-918

[email protected]

web.nvd.nist.gov

label studio

ssrf

protection bypass

vulnerability

cve-2023-47116

dns lookup

http redirection

dns rebinding

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

20.9%

JSON

Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio’s SSRF protections that can be enabled by setting the SSRF_PROTECTION_ENABLED environment variable can be bypassed to access internal web servers. This is because the current SSRF validation is done by executing a single DNS lookup to verify that the IP address is not in an excluded subnet range. This protection can be bypassed by either using HTTP redirection or performing a DNS rebinding attack.

Affected configurations

Nvd

Node

humansignallabel_studioRange<1.11.0

VendorProductVersionCPE
humansignallabel_studio*cpe:2.3:a:humansignal:label_studio:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
humansignal	label_studio	*	cpe:2.3:a:humansignal:label_studio::::::::

References

github.com/HumanSignal/label-studio/commit/55dd6af4716b92f2bb213fe461d1ffbc380c6a64

github.com/HumanSignal/label-studio/releases/tag/1.11.0

github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wj8r

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

20.9%

JSON

Related for NVD:CVE-2023-47116

cve1 veracode1 prion1 osv2 github1 cvelist1