CVE-2023-46315 - OpenCVE

The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Zanllp	Stable Diffusion Webui Infinite Image Browsing

Configuration 1 [-]

cpe:2.3:a:zanllp:stable_diffusion_webui_infinite_image_browsing:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/zanllp/sd-webui-infinite-image-browsing/issues/387	Issue Tracking Vendor Advisory
https://github.com/zanllp/sd-webui-infinite-image-browsing/pull/368/commits/977815a2b28ad953c10ef0114c365f698c4b8f19	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-10-22T00:00:00

Updated: 2023-10-22T21:44:50.784091

Reserved: 2023-10-22T00:00:00

Link: CVE-2023-46315

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-22T22:15:08.797

Modified: 2023-10-30T19:09:47.337

Link: CVE-2023-46315

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zanllp:stable_diffusion_webui_infinite_image_browsing:*:*:*:*:*:*:*:*", "matchCriteriaId": "771E3DD2-F6D0-42B6-80FE-3568F6428E95", "versionEndExcluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials."}, {"lang": "es", "value": "La extensi\u00f3n zanllp sd-webui-infinite-image-browsing (tambi\u00e9n conocida como Infinite Image Browsing) anterior a 977815a para stable-diffusion-webui (tambi\u00e9n conocida como Stable Diffusion web UI), si la autenticaci\u00f3n Gradio est\u00e1 habilitada sin configuraci\u00f3n de clave secreta, permite a atacantes remotos leer cualquier archivo local a trav\u00e9s de /file?path= en la URL, como se demuestra al leer /proc/self/environ para descubrir las credenciales."}], "id": "CVE-2023-46315", "lastModified": "2023-10-30T19:09:47.337", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-22T22:15:08.797", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://github.com/zanllp/sd-webui-infinite-image-browsing/issues/387"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/zanllp/sd-webui-infinite-image-browsing/pull/368/commits/977815a2b28ad953c10ef0114c365f698c4b8f19"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}