2 matches found
CVE-2023-43791
Label Studio (before 1.8.2) is affected by an ORM Leak chain that can impersonate any account, enabling privilege escalation to a Django Super Administrator. A patch was introduced in 1.8.2. Public references describe a hard-coded SECRET_KEY vulnerability and a follow-on exploit path that leverag...
CVE-2023-43791 Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...