CVE-2023-47117
Published: 2023-11-13


Priority: P3 (56) · Severity: high · CVSS 3.1 base score: 7.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT flag: yes
EPSS: 4.06% (89.4th percentile)
Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper (ORM). Since the results of the query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by character. In addition, Label Studio had a hard-coded secret key that an attacker can use to forge a session token of any user by exploiting this ORM Leak vulnerability to leak account password hashes. This vulnerability has been addressed in commit `f931d9d129`, which is included in the 1.9.2post0 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected (6 ranges)

Vendor      | Product      | Version range                                          | Fixed in
humansignal | label-studio | < 1.9.2post0                                           | 1.9.2post0
humansignal | label-studio | >= 0 < f931d9d129002f54a495995774ce7384174cef5c        | f931d9d129002f54a495995774ce7384174cef5c
humansignal | label-studio | >= 0 < 1.9.2                                           | 1.9.2
humansignal | label-studio | >= 0 < 1.9.2.post0                                     | 1.9.2.post0
humansignal | label_studio | < 1.9.2                                                | 1.9.2
humansignal | label_studio | (not given)                                            | (not given)

Detection & IOCs (extracted from sources)

url:    /user/login/?next=/projects/
url:    /api/dm/views/{{Task_id}}?interaction=filter&project={{Project_id}}
url:    /api/tasks?page=1&page_size=30&view={{Task_id}}&interaction=filter&project={{Project_id}}
other:  filter:tasks:updated_by__active_organization__active_users__password
other:  ^pbkdf2_sha256\$260000\$  (regex matched against the leaked hash prefix)
other:  http.favicon.hash:-1649949475
cookie: csrfmiddlewaretoken
  • Look for PATCH requests to /api/dm/views/ with 'interaction=filter' query parameter containing ORM traversal filter keys such as 'filter:tasks:updated_by__active_organization__active_users__password' in the JSON body — this is the exploit payload for leaking password hashes character-by-character.
  • Detect JSON bodies in PATCH /api/dm/views requests containing deeply nested Django ORM filter traversal paths (double-underscore chaining) targeting user credential fields, e.g. 'active_organization__active_users__password'.
  • Responses to /api/tasks with 'interaction=filter' that contain 'completed_at', 'file_upload', and 'annotators' fields confirm successful exploitation of the ORM leak.
  • Label Studio instances can be fingerprinted on Shodan using favicon hash -1649949475 to identify exposed targets.
  • The vulnerability is exploitable by authenticated users; monitor for repeated PATCH requests to /api/dm/views/ with varying regex values (single character increments) as a sign of character-by-character enumeration of password hashes.
  • Label Studio had a hard-coded secret key; forged session tokens may be used post-hash-leak. Monitor for session tokens belonging to high-privilege accounts appearing from unexpected IPs.
  • The exploit requires valid credentials (authenticated access) to reach the vulnerable PATCH /api/dm/views/ endpoint; unauthenticated exploitation is only possible if the hard-coded secret key is used to forge a session token after hash leakage.
  • The fix is included in commit f931d9d129 and release 1.9.2post0; all prior versions are affected. Detection rules should scope to Label Studio versions prior to 1.9.2post0.
  • The Nuclei template requires the tester to supply task ID and project ID variables ({{task}} and {{project}}); automated scanning without these values will not produce valid exploit requests.
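As an added example (not code from the advisory, the source it cites, or Label Studio itself), a small Python detector that applies the bullets above to constructed request-log lines: it flags PATCH /api/dm/views/ filter updates whose filter key traverses relations (double-underscore chaining) to a credential field, and reports any client whose distinct regex values on such a key cross a threshold, the pattern a character-by-character hash enumeration produces. The log line format, the JSON body layout, the credential field names beyond `password`, and `ENUM_THRESHOLD` are assumptions.

```python
import json
from collections import defaultdict

CREDENTIAL_FIELDS = {"password", "auth_token", "secret_key"}  # "password" is the advisory's hop; others assumed
ENUM_THRESHOLD = 5  # distinct regex values per (client, key) before flagging enumeration; assumed tuning


def traversal_target(filter_key):
    """Last hop of a double-underscore chained 'filter:tasks:' key, or None if there is no traversal."""
    if not isinstance(filter_key, str) or not filter_key.startswith("filter:tasks:"):
        return None
    hops = filter_key[len("filter:tasks:"):].split("__")
    return hops[-1] if len(hops) >= 3 else None  # two or more joins = filtering across related models


def suspicious_filters(node):
    """Recursively walk a decoded JSON body of any shape; yield (filter_key, value) for credential hops."""
    if isinstance(node, dict):
        if traversal_target(node.get("filter")) in CREDENTIAL_FIELDS:
            yield node["filter"], str(node.get("value", ""))
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            yield from suspicious_filters(child)


def analyse(log_lines):
    """Lines are 'client method path json_body' (constructed format); returns alerts and enumerating clients."""
    alerts, values_seen = [], defaultdict(set)
    for line in log_lines:
        client, method, path, body = line.split(" ", 3)
        if method != "PATCH" or not path.startswith("/api/dm/views/") or "interaction=filter" not in path:
            continue
        try:
            parsed = json.loads(body)
        except json.JSONDecodeError:
            continue  # malformed body cannot be a valid filter update
        for key, value in suspicious_filters(parsed):
            alerts.append((client, key, value))
            values_seen[(client, key)].add(value)
    return alerts, sorted({c for (c, _), v in values_seen.items() if len(v) >= ENUM_THRESHOLD})


def _filter_request(client, filter_key, value):  # builds one constructed log line
    item = {"filter": filter_key, "operator": "regex", "type": "String", "value": value}
    body = json.dumps({"data": {"filters": {"conjunction": "and", "items": [item]}}})
    return f"{client} PATCH /api/dm/views/12?interaction=filter&project=3 {body}"


LEAK_KEY = "filter:tasks:updated_by__active_organization__active_users__password"
SAMPLE_LOG = [  # constructed: one benign filter, six one-char-longer probes from .7, one lone probe from .5
    _filter_request("10.0.0.5", "filter:tasks:completed_at", "2023-11-13"),
    *[_filter_request("10.0.0.7", LEAK_KEY, "^pbkdf2_sha256\\$260000\\$" + "a" * n) for n in range(6)],
    _filter_request("10.0.0.5", LEAK_KEY, "^pbkdf2_sha256\\$260000\\$"),
]
```

Running `analyse(SAMPLE_LOG)` yields seven per-request alerts (every credential-hop filter, regardless of who sent it) and `["10.0.0.7"]` as the only client whose value variety suggests enumeration.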