Lucene search
Veracode Vulnerability DatabaseVERACODE:44268HistoryNov 14, 2023 - 9:16 a.m.
Information Disclosure
2023-11-1409:16:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
label studio
information disclosure
vulnerability
serializers.py
sensitive fields
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.9
Confidence
High
EPSS
0.119
Percentile
95.4%
label Studio is vulnerable to Information Disclosure. This vulnerability exists due to improper sensitive fields restrictions in the the object-relational mapper in serializers.py, allowing an attacker to access and sensitive filters.
Related
osv
osv
CVE-2023-47117
2023-11-13 21:15:08
Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task
2023-11-14 18:27:08
cve
cve
CVE-2023-47117
2023-11-13 21:15:08
github
github
Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task
2023-11-14 18:27:08
prion
prion
Design/Logic Flaw
2023-11-13 21:15:00
nvd
nvd
CVE-2023-47117
2023-11-13 21:15:08
cvelist
cvelist
nuclei
nuclei
Label Studio - Sensitive Information Exposure
2024-07-08 11:49:10
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.9
Confidence
High
EPSS
0.119
Percentile
95.4%
Related for VERACODE:44268