@huntr_aiVULNRICHMENT:CVE-2024-2206CVE-2024-2206 SSRF Vulnerability in gradio-app/gradio
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
Low
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
partial
An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the /proxy route. Attackers can exploit this vulnerability by manipulating the self.replica_urls set through the X-Direct-Url header in requests to the / and /config routes, allowing the addition of arbitrary URLs for proxying. This flaw enables unauthorized proxying of requests and potential access to internal endpoints within the Hugging Face space. The issue arises from the application’s inadequate checking of safe URLs in the build_proxy_request function.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:gradio_project:gradio:-:*:*:*:*:python:*:*"
],
"vendor": "gradio_project",
"product": "gradio",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "4.18",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
Low
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
partial