Veracode Vulnerability Database, VERACODE:45271
History: Feb 01, 2024 - 2:27 p.m.

Server-Side Request Forgery (SSRF)

2024-02-01 14:27:13
sca.analysiscenter.veracode.com
Tags: server-side request forgery, label studio, ssrf vulnerability, ip address, validation, dns lookup, excluded subnet range, http redirection, dns rebinding attack

CVSS3: 5.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 6.8
Confidence: High

EPSS: 0.001
Percentile: 20.9%

Label Studio is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to faulty SSRF validation which executes a single DNS lookup to verify that the IP address is not in an excluded subnet range. This protection can be bypassed by either using HTTP redirection or performing a DNS rebinding attack.
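
The weakness described above is a gap between the address that was checked and the address that is actually contacted. The following added example (not Label Studio's code or its fix) shows one way to close that gap: validate the resolved address, connect to that same address, and re-validate every redirect hop. The deny-list contents, the `resolve` and `send` callables and the host names are assumptions for illustration.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

# Assumed deny-list for illustration; the advisory does not list the actual excluded ranges.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

class BlockedDestination(Exception):
    """Raised when a URL (or a redirect target) is not allowed."""

def pin_address(url, resolve):
    """Resolve the host once, check every answer, return the IP to connect to."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise BlockedDestination(f"unsupported URL {url!r}")
    addrs = [ipaddress.ip_address(a) for a in resolve(parts.hostname)]
    # Treat IPv4-mapped IPv6 answers (::ffff:a.b.c.d) as their IPv4 form.
    addrs = [getattr(a, "ipv4_mapped", None) or a for a in addrs]
    if not addrs or any(a in net for a in addrs for net in BLOCKED_NETS):
        raise BlockedDestination(f"{parts.hostname} resolves to an excluded address")
    return str(addrs[0])

def safe_fetch(url, resolve, send, max_redirects=3):
    """send(ip, url) must connect to ip and must not follow redirects itself."""
    for _ in range(max_redirects + 1):
        ip = pin_address(url, resolve)         # one lookup per hop ...
        status, headers, body = send(ip, url)  # ... and the checked IP is the one used
        if status in (301, 302, 303, 307, 308) and "Location" in headers:
            url = urljoin(url, headers["Location"])  # next hop is validated again
            continue
        return status, body
    raise BlockedDestination("too many redirects")

if __name__ == "__main__":
    # Constructed offline stand-ins for DNS and HTTP (hypothetical host name).
    # The resolver changes its answer on a second lookup, as a rebinding name would.
    answers = {"files.example": iter([["203.0.113.10"], ["127.0.0.1"]])}
    resolve = lambda host: next(answers[host])
    send = lambda ip, url: (200, {}, f"connected to {ip}")
    print(safe_fetch("http://files.example/a.png", resolve, send))
```

In a real client, `send` has to open the socket to the pinned IP while still sending the original host name in the `Host` header and TLS SNI; otherwise the HTTP library performs its own second lookup and the check is bypassed again.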
