vulnrichment | Mitre | VULNRICHMENT:CVE-2023-46315
History: Oct 22, 2023 - 12:00 a.m.

CVE-2023-46315

2023-10-22 00:00:00
mitre
github.com
cve-2023-46315
remote attackers
local file access
gradio authentication
secret key configuration
stable diffusion web ui
url vulnerability
information disclosure

AI Score: 7.1
Confidence: Low

EPSS: 0.001
Percentile: 44.0%

SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial

The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials.
