Description
Summary
On all Label Studio versions prior to 1.11.0, data imported via the file upload feature is not properly sanitized before being rendered inside a Choices or Labels tag, resulting in an XSS vulnerability.
Details
Requires permission to use the "data import" function. This was reproduced on Label Studio 1.10.1.
PoC
- Create a project.
- Upload a file containing the payload using the "Upload Files" function.
The following are the contents of the files used in the PoC
{
"data": {
"prompt": "
References
- Patch
- Patch
- Release Notes
- Exploit
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 1.11.0 (exclusive)
cpe:2.3:a:humansignal:label_studio:*:*:*:*:*:*:*:*
EPSS: 0.01335 (percentile: 80%), Low
CVSS3: 4.7 Medium
CVSS3: 6.1 Medium
Weaknesses
CWE-79
Related vulnerabilities
- debian, CVSS3: 4.7, almost 2 years ago: Summary On all Label Studio versions prior to 1.11.0, data importe ...
- github, CVSS3: 4.7, almost 2 years ago: Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config