CVE-2023-47117

high-risk
Published 2023-11-13

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper (ORM). Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by character. In addition, Label Studio had a hard coded secret key that an attacker can use to forge a session token of any user by exploiting this ORM Leak vulnerability to leak account password hashes. This vulnerability has been addressed in commit `f931d9d129` which is included in the 1.9.2post0 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Do I need to act?

!
65.8% chance of exploitation in next 30 days
EPSS score — higher than 34% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Humansignal

References (4)

Patch https://github.com/HumanSignal/label-studio/commit/f931d9d129002f54a495995774ce7...
Exploit https://github.com/HumanSignal/label-studio/security/advisories/GHSA-6hjj-gq77-j...
Patch https://github.com/HumanSignal/label-studio/commit/f931d9d129002f54a495995774ce7...
Exploit https://github.com/HumanSignal/label-studio/security/advisories/GHSA-6hjj-gq77-j...
52
/ 100
high-risk
Severity 26/34 · High
Exploitability 19/34 · Moderate
Exposure 7/34 · Low