179 matches found
Information Disclosure
label Studio is vulnerable to Information Disclosure. This vulnerability exists due to improper sensitive fields restrictions in the the object-relational mapper in serializers.py, allowing an attacker to access and sensitive filters...
CVE-2023-47117
Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...
PYSEC-2023-275
Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...
Design/Logic Flaw
Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...
PYSEC-2023-275
Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...
CVE-2023-47117 Object Relational Mapper Leak Vulnerability in Filtering Task in Label Studio
Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...
CVE-2023-47117 Object Relational Mapper Leak Vulnerability in Filtering Task in Label Studio
Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...
CVE-2023-47117
Label Studio versions prior to 1.9.2post0 are affected by an ORM leakage vulnerability in filtering tasks, enabling an attacker to extract sensitive fields such as password hashes by manipulating Django ORM filters. The issue is compounded by a hard-coded SECRET_KEY that could be exploited to for...
CVE-2023-47117 Object Relational Mapper Leak Vulnerability in Filtering Task in Label Studio
Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...
CVE-2023-47117
creationtimestamp| type| source ---|---|--- 2023-11-13 17:01:18+00:00| published-proof-of-concept| https://github.com/HumanSignal/label-studio/security/advisories/GHSA-6hjj-gq77-j4qw...
Label Studio Security Vulnerability
Label Studio is an open source data labeling tool from Heartex Open Source. Allows you to use a simple and clear UI to mark data types such as audio, text, images, video and time series, and export to a variety of model formats. A security vulnerability exists in Label Studio versions prior to...
CVE-2023-43791
Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...
PYSEC-2023-274
Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...
PYSEC-2023-274
Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability was found to affect versions before 1.8.2, where a patch was introduced. Overview In Label Studio version 1.8.1, a hard coded Django SECRETKEY was set in the...
GHSA-F475-X83M-RX5M Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability was found to affect versions before 1.8.2, where a patch was introduced. Overview In Label Studio version 1.8.1, a hard coded Django SECRETKEY was set in the...
CVE-2023-43791 Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...
CVE-2023-43791 Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...
CVE-2023-43791
Label Studio (before 1.8.2) is affected by an ORM Leak chain that can impersonate any account, enabling privilege escalation to a Django Super Administrator. A patch was introduced in 1.8.2. Public references describe a hard-coded SECRET_KEY vulnerability and a follow-on exploit path that leverag...
Label Studio Security Vulnerability
Label Studio is an open source data labeling tool from Heartex Open Source. Allows you to use a simple and clear UI mark audio, text, images, video and time series and other data types , and exported to a variety of model formats. A security vulnerability exists in Label Studio versions prior to...