cve-2024-4254
Vulnerability from cvelistv5
Published
2024-06-04 12:01
Modified
2024-08-01 20:33
Severity ?
EPSS score ?
Summary
Secrets Exfiltration in gradio-app/gradio
References
Impacted products
▼ | Vendor | Product |
---|---|---|
gradio-app | gradio-app/gradio |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "gradio", "vendor": "gradio_project", "versions": [ { "status": "affected", "version": "*" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-4254", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-04T14:07:15.419814Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T21:02:16.051Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:33:53.185Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/59873fbd-5698-4ec3-87f9-5d70c6055d01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gradio-app/gradio", "vendor": "gradio-app", "versions": [ { "lessThanOrEqual": "latest", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The \u0027deploy-website.yml\u0027 workflow in the gradio-app/gradio repository, specifically in the \u0027main\u0027 branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow\u0027s explicit checkout and execution of code from a fork, which is unsafe as it allows the running of untrusted code in an environment with access to push to the base repository and access secrets. This flaw could lead to the exfiltration of sensitive secrets such as GITHUB_TOKEN, HF_TOKEN, VERCEL_ORG_ID, VERCEL_PROJECT_ID, COMMENT_TOKEN, AWSACCESSKEYID, AWSSECRETKEY, and VERCEL_TOKEN. The vulnerability is present in the workflow file located at https://github.com/gradio-app/gradio/blob/72f4ca88ab569aae47941b3fb0609e57f2e13a27/.github/workflows/deploy-website.yml." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T12:01:37.541Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/59873fbd-5698-4ec3-87f9-5d70c6055d01" } ], "source": { "advisory": "59873fbd-5698-4ec3-87f9-5d70c6055d01", "discovery": "EXTERNAL" }, "title": "Secrets Exfiltration in gradio-app/gradio" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-4254", "datePublished": "2024-06-04T12:01:37.541Z", "dateReserved": "2024-04-26T12:45:14.719Z", "dateUpdated": "2024-08-01T20:33:53.185Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-4254\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2024-06-04T12:15:13.710\",\"lastModified\":\"2024-06-04T16:57:41.053\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The \u0027deploy-website.yml\u0027 workflow in the gradio-app/gradio repository, specifically in the \u0027main\u0027 branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow\u0027s explicit checkout and execution of code from a fork, which is unsafe as it allows the running of untrusted code in an environment with access to push to the base repository and access secrets. This flaw could lead to the exfiltration of sensitive secrets such as GITHUB_TOKEN, HF_TOKEN, VERCEL_ORG_ID, VERCEL_PROJECT_ID, COMMENT_TOKEN, AWSACCESSKEYID, AWSSECRETKEY, and VERCEL_TOKEN. The vulnerability is present in the workflow file located at https://github.com/gradio-app/gradio/blob/72f4ca88ab569aae47941b3fb0609e57f2e13a27/.github/workflows/deploy-website.yml.\"},{\"lang\":\"es\",\"value\":\"La neutralizaci\u00f3n inadecuada de etiquetas HTML relacionadas con scripts en una vulnerabilidad de p\u00e1gina web (XSS b\u00e1sico) en PickPlugins Tabs \u0026amp; Accordion permite la inyecci\u00f3n de c\u00f3digo. Este problema afecta a Tabs \u0026amp; Accordion: desde n/a hasta 1.3.10.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"security@huntr.dev\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-285\"}]}],\"references\":[{\"url\":\"https://huntr.com/bounties/59873fbd-5698-4ec3-87f9-5d70c6055d01\",\"source\":\"security@huntr.dev\"}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.