gradio Server-Side Request Forgery vulnerability

2024-04-1600:30:32

Google

osv.dev

gradio

ssrf

vulnerability

port scanning

file parameter

get request

internal network

open ports

attack

response

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.8%

JSON

An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the ‘file’ parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a ‘Location’ header or a ‘File not allowed’ error in the response.

CPENameOperatorVersion
gradioeq3.0b5
gradioeq2.6.4b0
gradioeq3.1.4b4
gradioeq1.4.4
gradioeq3.12.0b7
gradioeq3.13.1b2
gradioeq3.23.0
gradioeq2.3.4
gradioeq2.3.0a0
gradioeq2.7.0a102