CVE-2023-43791 - OpenCVE

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges from a low privilege user to a Django Super Administrator user. The vulnerability was found to affect versions before `1.8.2`, where a patch was introduced.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Humansignal	Label Studio

Configuration 1 [-]

cpe:2.3:a:humansignal:label_studio:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/HumanSignal/label-studio/commit/3d06c5131c15600621e08b06f07d976887cde81b
https://github.com/HumanSignal/label-studio/pull/4690
https://github.com/HumanSignal/label-studio/releases/tag/1.8.2
https://github.com/HumanSignal/label-studio/security/advisories/GHSA-f475-x83m-rx5m

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-11-09T14:42:40.750Z

Updated: 2024-09-03T18:46:40.834Z

Reserved: 2023-09-22T14:51:42.339Z

Link: CVE-2023-43791

Vulnrichment

Updated: 2024-08-02T19:52:11.411Z

NVD

Status : Analyzed

Published: 2023-11-09T15:15:08.743

Modified: 2023-11-18T00:55:15.610

Link: CVE-2023-43791

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-43791", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-09-22T14:51:42.339Z", "datePublished": "2023-11-09T14:42:40.750Z", "dateUpdated": "2024-09-03T18:46:40.834Z"}, "containers": {"cna": {"title": "Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-f475-x83m-rx5m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-f475-x83m-rx5m"}, {"name": "https://github.com/HumanSignal/label-studio/pull/4690", "tags": ["x_refsource_MISC"], "url": "https://github.com/HumanSignal/label-studio/pull/4690"}, {"name": "https://github.com/HumanSignal/label-studio/commit/3d06c5131c15600621e08b06f07d976887cde81b", "tags": ["x_refsource_MISC"], "url": "https://github.com/HumanSignal/label-studio/commit/3d06c5131c15600621e08b06f07d976887cde81b"}, {"name": "https://github.com/HumanSignal/label-studio/releases/tag/1.8.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/HumanSignal/label-studio/releases/tag/1.8.2"}], "affected": [{"vendor": "HumanSignal", "product": "label-studio", "versions": [{"version": "<= 1.8.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-09T14:42:40.750Z"}, "descriptions": [{"lang": "en", "value": "Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges from a low privilege user to a Django Super Administrator user. The vulnerability was found to affect versions before `1.8.2`, where a patch was introduced."}], "source": {"advisory": "GHSA-f475-x83m-rx5m", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:52:11.411Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-f475-x83m-rx5m", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-f475-x83m-rx5m"}, {"name": "https://github.com/HumanSignal/label-studio/pull/4690", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/HumanSignal/label-studio/pull/4690"}, {"name": "https://github.com/HumanSignal/label-studio/commit/3d06c5131c15600621e08b06f07d976887cde81b", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/HumanSignal/label-studio/commit/3d06c5131c15600621e08b06f07d976887cde81b"}, {"name": "https://github.com/HumanSignal/label-studio/releases/tag/1.8.2", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/HumanSignal/label-studio/releases/tag/1.8.2"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-03T18:43:34.308098Z", "id": "CVE-2023-43791", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T18:46:40.834Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-f475-x83m-rx5m", "name": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-f475-x83m-rx5m", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/HumanSignal/label-studio/pull/4690", "name": "https://github.com/HumanSignal/label-studio/pull/4690", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/HumanSignal/label-studio/commit/3d06c5131c15600621e08b06f07d976887cde81b", "name": "https://github.com/HumanSignal/label-studio/commit/3d06c5131c15600621e08b06f07d976887cde81b", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/HumanSignal/label-studio/releases/tag/1.8.2", "name": "https://github.com/HumanSignal/label-studio/releases/tag/1.8.2", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:52:11.411Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-43791", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-03T18:43:34.308098Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T18:44:37.496Z"}}], "cna": {"title": "Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens", "source": {"advisory": "GHSA-f475-x83m-rx5m", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "HumanSignal", "product": "label-studio", "versions": [{"status": "affected", "version": "<= 1.8.1"}]}], "references": [{"url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-f475-x83m-rx5m", "name": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-f475-x83m-rx5m", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/HumanSignal/label-studio/pull/4690", "name": "https://github.com/HumanSignal/label-studio/pull/4690", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/HumanSignal/label-studio/commit/3d06c5131c15600621e08b06f07d976887cde81b", "name": "https://github.com/HumanSignal/label-studio/commit/3d06c5131c15600621e08b06f07d976887cde81b", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/HumanSignal/label-studio/releases/tag/1.8.2", "name": "https://github.com/HumanSignal/label-studio/releases/tag/1.8.2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges from a low privilege user to a Django Super Administrator user. The vulnerability was found to affect versions before `1.8.2`, where a patch was introduced."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-09T14:42:40.750Z"}}}, "cveMetadata": {"cveId": "CVE-2023-43791", "state": "PUBLISHED", "dateUpdated": "2024-09-03T18:46:40.834Z", "dateReserved": "2023-09-22T14:51:42.339Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-11-09T14:42:40.750Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:humansignal:label_studio:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACEFE38F-DAA5-4450-9527-0669A8790ADC", "versionEndExcluding": "1.8.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges from a low privilege user to a Django Super Administrator user. The vulnerability was found to affect versions before `1.8.2`, where a patch was introduced."}, {"lang": "es", "value": "Label Studio es una herramienta de anotaci\u00f3n y etiquetado de datos de varios tipos con formato de salida estandarizado. Existe una vulnerabilidad que se puede encadenar dentro de la vulnerabilidad ORM Leak para hacerse pasar por cualquier cuenta en Label Studio. Un atacante podr\u00eda aprovechar estas vulnerabilidades para escalar sus privilegios de un usuario con permisos bajos a un usuario s\u00faper administrador de Django. Se descubri\u00f3 que la vulnerabilidad afectaba a versiones anteriores a la \"1.8.2\", donde se introdujo un parche."}], "id": "CVE-2023-43791", "lastModified": "2023-11-18T00:55:15.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-11-09T15:15:08.743", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/HumanSignal/label-studio/commit/3d06c5131c15600621e08b06f07d976887cde81b"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/HumanSignal/label-studio/pull/4690"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/HumanSignal/label-studio/releases/tag/1.8.2"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-f475-x83m-rx5m"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Primary"}]}