CVE-2023-47116

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 31, 2024

Updated: Feb 9, 2024

CWE ID 918

Summary

CVE-2023-47116 is a newly discovered vulnerability in Label Studio, an open-source data labeling tool. Affecting all versions prior to 1.11.0, this issue can be exploited to bypass Label Studio's Server Side Request Forgery (SSRF) protection. The protection, which can be activated using the `SSRF_PROTECTION_ENABLED` environment variable, relies on IP address verification through a single DNS lookup. However, an attacker can bypass this check using HTTP redirection or DNS rebinding techniques, potentially gaining unauthorized access to internal web servers.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tNZBHI
https://www.cve.org/CVERecord?id=CVE-2023-47116
https://nvd.nist.gov/vuln/detail/CVE-2023-47116

Back to Vulnerability Database

CVE-2023-47116

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations