FKIE_CVE-2024-31462

Vulnerability from fkie_nvd - Published: 2024-04-12 22:15 - Updated: 2024-11-21 09:13
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access.
References
security-advisories@github.comhttps://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59
security-advisories@github.comhttps://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660
security-advisories@github.comhttps://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65
security-advisories@github.comhttps://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653
security-advisories@github.comhttps://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67
security-advisories@github.comhttps://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py
security-advisories@github.comhttps://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43
security-advisories@github.comhttps://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461
security-advisories@github.comhttps://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui
security-advisories@github.comhttps://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/
af854a3a-2127-422b-91ae-364da2661108https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59
af854a3a-2127-422b-91ae-364da2661108https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660
af854a3a-2127-422b-91ae-364da2661108https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65
af854a3a-2127-422b-91ae-364da2661108https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653
af854a3a-2127-422b-91ae-364da2661108https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67
af854a3a-2127-422b-91ae-364da2661108https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py
af854a3a-2127-422b-91ae-364da2661108https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43
af854a3a-2127-422b-91ae-364da2661108https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461
af854a3a-2127-422b-91ae-364da2661108https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui
af854a3a-2127-422b-91ae-364da2661108https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access."
    },
    {
      "lang": "es",
      "value": "stable-diffusion-webui es una interfaz web para Stable Diffusion, implementada utilizando la librer\u00eda Gradio. Stable-diffusion-webui 1.7.0 es vulnerable a una escritura de archivos limitada que afecta a los sistemas Windows. El m\u00e9todo create_ui (pesta\u00f1a Copia de seguridad/Restaurar) en m\u00f3dulos/ui_extensions.py toma la entrada del usuario en la variable config_save_name en la l\u00ednea 653. Esta entrada del usuario se usa m\u00e1s tarde en el m\u00e9todo save_config_state y se usa para crear una ruta de archivo en la l\u00ednea 65, que es posterior abierto para escritura en la l\u00ednea 67, lo que conduce a una escritura de archivo limitada explotable en sistemas Windows. Este problema puede provocar una escritura de archivos limitada. Permite escribir archivos json en cualquier lugar del servidor al que tenga acceso el servidor web."
    }
  ],
  "id": "CVE-2024-31462",
  "lastModified": "2024-11-21T09:13:34.613",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-04-12T22:15:07.320",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.