cvelistv5 - cve-2024-31462

CVE-2024-31462 (GCVE-0-2024-31462)

Vulnerability from cvelistv5 – Published: 2024-04-12 21:41 – Updated: 2024-08-02 01:52

Title

Limited file write in Stable-diffusion-webui - GHSL-2024-010

Summary

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access.

Severity ?

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

GitHub_M

References

URL

Tags

	https://securitylab.github.com/advisories/GHSL-20…	x_refsource_CONFIRM
	https://github.com/AUTOMATIC1111/stable-diffusion…	x_refsource_MISC
	https://github.com/AUTOMATIC1111/stable-diffusion…	x_refsource_MISC
	https://github.com/AUTOMATIC1111/stable-diffusion…	x_refsource_MISC
	https://github.com/AUTOMATIC1111/stable-diffusion…	x_refsource_MISC
	https://github.com/AUTOMATIC1111/stable-diffusion…	x_refsource_MISC
	https://github.com/AUTOMATIC1111/stable-diffusion…	x_refsource_MISC
	https://github.com/AUTOMATIC1111/stable-diffusion…	x_refsource_MISC
	https://github.com/AUTOMATIC1111/stable-diffusion…	x_refsource_MISC
	https://securitylab.github.com/advisories/GHSL-20…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	AUTOMATIC1111	stable-diffusion-webui	Affected: <= 1.8.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31462",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-31T14:28:20.534735Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:37:23.284Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:52:57.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/"
          },
          {
            "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43"
          },
          {
            "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59"
          },
          {
            "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660"
          },
          {
            "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65"
          },
          {
            "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653"
          },
          {
            "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67"
          },
          {
            "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py"
          },
          {
            "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461"
          },
          {
            "name": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "stable-diffusion-webui",
          "vendor": "AUTOMATIC1111",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 1.8.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T21:41:46.345Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/"
        },
        {
          "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43"
        },
        {
          "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59"
        },
        {
          "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660"
        },
        {
          "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65"
        },
        {
          "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653"
        },
        {
          "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67"
        },
        {
          "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py"
        },
        {
          "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461"
        },
        {
          "name": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui"
        }
      ],
      "source": {
        "advisory": "GHSA-gj58-rg68-vrgj",
        "discovery": "UNKNOWN"
      },
      "title": "Limited file write in Stable-diffusion-webui - GHSL-2024-010"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-31462",
    "datePublished": "2024-04-12T21:41:46.345Z",
    "dateReserved": "2024-04-03T17:55:32.647Z",
    "dateUpdated": "2024-08-02T01:52:57.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access.\"}, {\"lang\": \"es\", \"value\": \"stable-diffusion-webui es una interfaz web para Stable Diffusion, implementada utilizando la librer\\u00eda Gradio. Stable-diffusion-webui 1.7.0 es vulnerable a una escritura de archivos limitada que afecta a los sistemas Windows. El m\\u00e9todo create_ui (pesta\\u00f1a Copia de seguridad/Restaurar) en m\\u00f3dulos/ui_extensions.py toma la entrada del usuario en la variable config_save_name en la l\\u00ednea 653. Esta entrada del usuario se usa m\\u00e1s tarde en el m\\u00e9todo save_config_state y se usa para crear una ruta de archivo en la l\\u00ednea 65, que es posterior abierto para escritura en la l\\u00ednea 67, lo que conduce a una escritura de archivo limitada explotable en sistemas Windows. Este problema puede provocar una escritura de archivos limitada. Permite escribir archivos json en cualquier lugar del servidor al que tenga acceso el servidor web.\"}]",
      "id": "CVE-2024-31462",
      "lastModified": "2024-11-21T09:13:34.613",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.4}]}",
      "published": "2024-04-12T22:15:07.320",
      "references": "[{\"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-31462\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-04-12T22:15:07.320\",\"lastModified\":\"2024-11-21T09:13:34.613\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access.\"},{\"lang\":\"es\",\"value\":\"stable-diffusion-webui es una interfaz web para Stable Diffusion, implementada utilizando la librer\u00eda Gradio. Stable-diffusion-webui 1.7.0 es vulnerable a una escritura de archivos limitada que afecta a los sistemas Windows. El m\u00e9todo create_ui (pesta\u00f1a Copia de seguridad/Restaurar) en m\u00f3dulos/ui_extensions.py toma la entrada del usuario en la variable config_save_name en la l\u00ednea 653. Esta entrada del usuario se usa m\u00e1s tarde en el m\u00e9todo save_config_state y se usa para crear una ruta de archivo en la l\u00ednea 65, que es posterior abierto para escritura en la l\u00ednea 67, lo que conduce a una escritura de archivo limitada explotable en sistemas Windows. Este problema puede provocar una escritura de archivos limitada. Permite escribir archivos json en cualquier lugar del servidor al que tenga acceso el servidor web.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"references\":[{\"url\":\"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Limited file write in Stable-diffusion-webui - GHSL-2024-010\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-22\", \"lang\": \"en\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"LOW\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/\"}, {\"name\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43\"}, {\"name\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59\"}, {\"name\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660\"}, {\"name\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65\"}, {\"name\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653\"}, {\"name\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67\"}, {\"name\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py\"}, {\"name\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461\"}, {\"name\": \"https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui\"}], \"affected\": [{\"vendor\": \"AUTOMATIC1111\", \"product\": \"stable-diffusion-webui\", \"versions\": [{\"version\": \"\u003c= 1.8.0\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-04-12T21:41:46.345Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access.\"}], \"source\": {\"advisory\": \"GHSA-gj58-rg68-vrgj\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-31462\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-31T14:28:20.534735Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-31T14:28:24.686Z\"}, \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-31462\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2024-04-03T17:55:32.647Z\", \"datePublished\": \"2024-04-12T21:41:46.345Z\", \"dateUpdated\": \"2024-06-04T17:37:23.284Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2024-31462

Vulnerability from fkie_nvd - Published: 2024-04-12 22:15 - Updated: 2024-11-21 09:13

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59
	security-advisories@github.com	https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660
	security-advisories@github.com	https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65
	security-advisories@github.com	https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653
	security-advisories@github.com	https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67
	security-advisories@github.com	https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py
	security-advisories@github.com	https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43
	security-advisories@github.com	https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461
	security-advisories@github.com	https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui
	security-advisories@github.com	https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461
	af854a3a-2127-422b-91ae-364da2661108	https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui
	af854a3a-2127-422b-91ae-364da2661108	https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access."
    },
    {
      "lang": "es",
      "value": "stable-diffusion-webui es una interfaz web para Stable Diffusion, implementada utilizando la librer\u00eda Gradio. Stable-diffusion-webui 1.7.0 es vulnerable a una escritura de archivos limitada que afecta a los sistemas Windows. El m\u00e9todo create_ui (pesta\u00f1a Copia de seguridad/Restaurar) en m\u00f3dulos/ui_extensions.py toma la entrada del usuario en la variable config_save_name en la l\u00ednea 653. Esta entrada del usuario se usa m\u00e1s tarde en el m\u00e9todo save_config_state y se usa para crear una ruta de archivo en la l\u00ednea 65, que es posterior abierto para escritura en la l\u00ednea 67, lo que conduce a una escritura de archivo limitada explotable en sistemas Windows. Este problema puede provocar una escritura de archivos limitada. Permite escribir archivos json en cualquier lugar del servidor al que tenga acceso el servidor web."
    }
  ],
  "id": "CVE-2024-31462",
  "lastModified": "2024-11-21T09:13:34.613",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-04-12T22:15:07.320",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GSD-2024-31462

Vulnerability from gsd - Updated: 2024-04-11 05:03

Details

Aliases

CVE-2024-31462

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-31462"
      ],
      "details": "stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access.",
      "id": "GSD-2024-31462",
      "modified": "2024-04-11T05:03:20.886875Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2024-31462",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "stable-diffusion-webui",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c= 1.8.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "AUTOMATIC1111"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-22",
                "lang": "eng",
                "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/",
            "refsource": "MISC",
            "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/"
          },
          {
            "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43",
            "refsource": "MISC",
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43"
          },
          {
            "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59",
            "refsource": "MISC",
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59"
          },
          {
            "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660",
            "refsource": "MISC",
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660"
          },
          {
            "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65",
            "refsource": "MISC",
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65"
          },
          {
            "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653",
            "refsource": "MISC",
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653"
          },
          {
            "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67",
            "refsource": "MISC",
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67"
          },
          {
            "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py",
            "refsource": "MISC",
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py"
          },
          {
            "name": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461",
            "refsource": "MISC",
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461"
          },
          {
            "name": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui",
            "refsource": "MISC",
            "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-gj58-rg68-vrgj",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access."
          },
          {
            "lang": "es",
            "value": "stable-diffusion-webui es una interfaz web para Stable Diffusion, implementada utilizando la librer\u00eda Gradio. Stable-diffusion-webui 1.7.0 es vulnerable a una escritura de archivos limitada que afecta a los sistemas Windows. El m\u00e9todo create_ui (pesta\u00f1a Copia de seguridad/Restaurar) en m\u00f3dulos/ui_extensions.py toma la entrada del usuario en la variable config_save_name en la l\u00ednea 653. Esta entrada del usuario se usa m\u00e1s tarde en el m\u00e9todo save_config_state y se usa para crear una ruta de archivo en la l\u00ednea 65, que es posterior abierto para escritura en la l\u00ednea 67, lo que conduce a una escritura de archivo limitada explotable en sistemas Windows. Este problema puede provocar una escritura de archivos limitada. Permite escribir archivos json en cualquier lugar del servidor al que tenga acceso el servidor web."
          }
        ],
        "id": "CVE-2024-31462",
        "lastModified": "2024-04-15T13:15:31.997",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 3.4,
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-04-12T22:15:07.320",
        "references": [
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/"
          }
        ],
        "sourceIdentifier": "security-advisories@github.com",
        "vulnStatus": "Awaiting Analysis",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-22"
              }
            ],
            "source": "security-advisories@github.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-31462 (GCVE-0-2024-31462)

FKIE_CVE-2024-31462

GSD-2024-31462

Tags

Sightings

Nomenclature