CVE-2023-43791
published 2023-11-09

Priority P3 57 · high · 8.8 CVSS 3.1
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.24% (65.5th percentile)

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges from a low privilege user to a Django Super Administrator user. The vulnerability was found to affect versions before `1.8.2`, where a patch was introduced.

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| humansignal | label-studio | <= 1.8.1 | |
| humansignal | label-studio | >= 0 < 3d06c5131c15600621e08b06f07d976887cde81b | 3d06c5131c15600621e08b06f07d976887cde81b |
| humansignal | label-studio | >= 0 < 1.8.2 | 1.8.2 |
| humansignal | label_studio | < 1.8.2 | 1.8.2 |