Lucene search
+L

179 matches found

Veracode
Veracode
added 2023/11/14 9:16 a.m.18 views

Information Disclosure

label Studio is vulnerable to Information Disclosure. This vulnerability exists due to improper sensitive fields restrictions in the the object-relational mapper in serializers.py, allowing an attacker to access and sensitive filters...

7.5CVSS6.9AI score0.04055EPSS
Exploits3References3Affected Software1
NVD
NVD
added 2023/11/13 9:15 p.m.48 views

CVE-2023-47117

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

7.5CVSS0.04055EPSS
Exploits3References2
PyPA
PyPA
added 2023/11/13 9:15 p.m.10 views

PYSEC-2023-275

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

7.5CVSS6.8AI score0.04055EPSS
Exploits3References3Affected Software1
Prion
Prion
added 2023/11/13 9:15 p.m.21 views

Design/Logic Flaw

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

5CVSS6.8AI score0.04055EPSS
Exploits3References2Affected Software1
OSV
OSV
added 2023/11/13 9:15 p.m.15 views

PYSEC-2023-275

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

7.5CVSS7.4AI score0.04055EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2023/11/13 8:13 p.m.13 views

CVE-2023-47117 Object Relational Mapper Leak Vulnerability in Filtering Task in Label Studio

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

7.5CVSS6.6AI score0.04055EPSS
Exploits3References2
Cvelist
Cvelist
added 2023/11/13 8:13 p.m.44 views

CVE-2023-47117 Object Relational Mapper Leak Vulnerability in Filtering Task in Label Studio

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

7.5CVSS7.7AI score0.04055EPSS
Exploits3References2
CVE
CVE
added 2023/11/13 8:13 p.m.67 views

CVE-2023-47117

Label Studio versions prior to 1.9.2post0 are affected by an ORM leakage vulnerability in filtering tasks, enabling an attacker to extract sensitive fields such as password hashes by manipulating Django ORM filters. The issue is compounded by a hard-coded SECRET_KEY that could be exploited to for...

7.5CVSS7.4AI score0.04055EPSS
Exploits3References2Affected Software1
OSV
OSV
added 2023/11/13 8:13 p.m.36 views

CVE-2023-47117 Object Relational Mapper Leak Vulnerability in Filtering Task in Label Studio

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

7.5CVSS6.5AI score0.04055EPSS
Exploits3References4
Circl
Circl
added 2023/11/13 5:1 p.m.9 views

CVE-2023-47117

creationtimestamp| type| source ---|---|--- 2023-11-13 17:01:18+00:00| published-proof-of-concept| https://github.com/HumanSignal/label-studio/security/advisories/GHSA-6hjj-gq77-j4qw...

7.5CVSS6.8AI score0.04055EPSS
Exploits3References1
CNNVD
CNNVD
added 2023/11/13 12:0 a.m.8 views

Label Studio Security Vulnerability

Label Studio is an open source data labeling tool from Heartex Open Source. Allows you to use a simple and clear UI to mark data types such as audio, text, images, video and time series, and export to a variety of model formats. A security vulnerability exists in Label Studio versions prior to...

7.5CVSS6.7AI score0.04055EPSS
Exploits3References3
NVD
NVD
added 2023/11/09 3:15 p.m.31 views

CVE-2023-43791

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...

9.8CVSS0.01241EPSS
Exploits3References4
PyPA
PyPA
added 2023/11/09 3:15 p.m.8 views

PYSEC-2023-274

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...

9.8CVSS7AI score0.01241EPSS
Exploits3References5Affected Software1
OSV
OSV
added 2023/11/09 3:15 p.m.12 views

PYSEC-2023-274

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...

8.8CVSS9.8AI score0.01241EPSS
Exploits3References4
Github Security Blog
Github Security Blog
added 2023/11/09 2:42 p.m.41 views

Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens

Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability was found to affect versions before 1.8.2, where a patch was introduced. Overview In Label Studio version 1.8.1, a hard coded Django SECRETKEY was set in the...

9.8CVSS7.6AI score0.01241EPSS
Exploits3References7Affected Software1
OSV
OSV
added 2023/11/09 2:42 p.m.48 views

GHSA-F475-X83M-RX5M Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens

Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability was found to affect versions before 1.8.2, where a patch was introduced. Overview In Label Studio version 1.8.1, a hard coded Django SECRETKEY was set in the...

9.8CVSS9.7AI score0.01241EPSS
Exploits3References7
Vulnrichment
Vulnrichment
added 2023/11/09 2:42 p.m.16 views

CVE-2023-43791 Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...

9.8CVSS7.5AI score0.01241EPSS
Exploits3References4
Cvelist
Cvelist
added 2023/11/09 2:42 p.m.34 views

CVE-2023-43791 Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges...

9.8CVSS10AI score0.01241EPSS
Exploits3References4
CVE
CVE
added 2023/11/09 2:42 p.m.69 views

CVE-2023-43791

Label Studio (before 1.8.2) is affected by an ORM Leak chain that can impersonate any account, enabling privilege escalation to a Django Super Administrator. A patch was introduced in 1.8.2. Public references describe a hard-coded SECRET_KEY vulnerability and a follow-on exploit path that leverag...

9.8CVSS9.6AI score0.01241EPSS
Exploits3References4Affected Software1
CNNVD
CNNVD
added 2023/11/09 12:0 a.m.9 views

Label Studio Security Vulnerability

Label Studio is an open source data labeling tool from Heartex Open Source. Allows you to use a simple and clear UI mark audio, text, images, video and time series and other data types , and exported to a variety of model formats. A security vulnerability exists in Label Studio versions prior to...

9.8CVSS6.9AI score0.01241EPSS
Exploits3References5
Rows per page
Query Builder