Lucene search

GoogleOSV:CVE-2023-47116

HistoryJan 31, 2024 - 5:15 p.m.

CVE-2023-47116

2024-01-3117:15:13

Google

osv.dev

vulnerability

label studio

ssrf protection

bypass

http redirection

dns rebinding

software

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

20.9%

JSON

Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio’s SSRF protections that can be enabled by setting the SSRF_PROTECTION_ENABLED environment variable can be bypassed to access internal web servers. This is because the current SSRF validation is done by executing a single DNS lookup to verify that the IP address is not in an excluded subnet range. This protection can be bypassed by either using HTTP redirection or performing a DNS rebinding attack.

References

github.com/HumanSignal/label-studio/commit/55dd6af4716b92f2bb213fe461d1ffbc380c6a64

github.com/HumanSignal/label-studio/releases/tag/1.11.0

github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wj8r

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

20.9%

JSON

Related for OSV:CVE-2023-47116