CVE-2024-4325
published 2024-06-06


Priority: P1 84 high
CVSS 3.1 base score: 8.6
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
In-the-wild exploitation: VulnCheck KEV (exploited in the wild)
EPSS: 37.37% (98.3rd percentile)
A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the `/queue/join` endpoint and the `save_url_to_cache` function. The vulnerability arises when the `path` value, obtained from the user and expected to be a URL, is used to make an HTTP request without sufficient validation checks. This flaw allows an attacker to send crafted requests that could lead to unauthorized access to the local network or the AWS metadata endpoint, thereby compromising the security of internal servers.

Affected (3 ranges)

Vendor           Product             Version range          Fixed in
gradio-app       gradio-app_gradio   unspecified – latest
gradio_project   gradio              < 4.41.0               4.41.0
gradio_project   gradio              0 – 4.36.0

Detection & IOCs (extracted from sources)

url: /queue/join
path: /file=/tmp/gradio/{{h_oast}}/oast.fun
path: /tmp/gradio/d1be868eeb62e5194df165ccd8becbc5b3ffb299/favicon.ico
  • Detect SSRF exploitation attempts by monitoring POST requests to `/queue/join` containing a `path` field with an external or internal URL value inside the JSON body, particularly within a `gradio.FileData` typed object.
  • After a `/queue/join` SSRF trigger, watch for follow-up GET requests to `/file=/tmp/gradio/<sha1_hash>/<hostname>` — this path pattern is used to retrieve the SSRF-fetched content from the server's local cache.
  • Successful exploitation is confirmed when the response body to the `/file=` GET request contains OAST/OOB callback server strings such as 'Interactsh Server' or '/projectdiscovery/interactsh', with HTTP 200 status.
  • Identify exposed Gradio instances as SSRF targets using Shodan query `http.html:"__gradio_mode__"` or `http.title:"gradio"`, and FOFA query `body="__gradio_mode__"` or `title="gradio"`.
  • The SSRF can be used to reach the AWS metadata endpoint; monitor outbound requests from the Gradio process to `169.254.169.254` as an indicator of cloud metadata exfiltration.
  • The intermediate `/queue/join` response confirming a valid SSRF-triggerable session will contain `event_id` in a JSON body (`Content-Type: application/json`); use this as a first-stage detection filter.
  • The vulnerability is confirmed present in Gradio version 4.21.0 specifically; the SSRF exists because the `path` value from user input is passed to `save_url_to_cache` without sufficient validation.
  • The exploit is unauthenticated (PR:N) and requires no user interaction (UI:N), making it remotely exploitable with no prerequisites on any exposed Gradio 4.21.0 instance.
  • The PoC template uses a two-step flow: step 1 POSTs to `/queue/join` to trigger the SSRF fetch and cache the result; step 2 GETs `/file=/tmp/gradio/<sha1>/` to retrieve the cached content. Both steps must succeed for confirmed exploitation.
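The two-stage correlation described in the detection notes above, written out as an added defensive example (not code from cvebase or the Gradio project): it scans constructed request events for a `/queue/join` POST whose JSON body carries a URL in a `path` field, then links any later `/file=/tmp/gradio/<sha1>/...` GET from the same client, and flags URLs aimed at link-local or private addresses such as the cloud metadata endpoint. The event field names and the exact JSON body shape are assumptions.

```python
import json
import re
from ipaddress import ip_address
from urllib.parse import urlparse
CACHE_RE = re.compile(r"^/file=/tmp/gradio/([0-9a-f]{40})/")  # stage 2: /file=/tmp/gradio/<sha1>/<name>

# Constructed sample events (not a real log): 10.0.0.5 runs the two-stage flow toward the metadata address; 10.0.0.9 posts a non-URL payload.
EVENTS = [
    {"src": "10.0.0.5", "method": "POST", "path": "/queue/join", "status": 200,
     "body": '{"data":[{"path":"http://169.254.169.254/latest/meta-data/","meta":{"_type":"gradio.FileData"}}]}'},
    {"src": "10.0.0.5", "method": "GET", "status": 200,
     "path": "/file=/tmp/gradio/0123456789abcdef0123456789abcdef01234567/meta-data"},
    {"src": "10.0.0.9", "method": "POST", "path": "/queue/join", "status": 200, "body": '{"data":["hello"]}'},
]

def url_paths(obj):
    """Yield every `path` value in a JSON body that is an http(s) URL, at any nesting depth."""
    if isinstance(obj, dict):
        p = obj.get("path")
        if isinstance(p, str) and urlparse(p).scheme in ("http", "https"):
            yield p
        obj = list(obj.values())
    if isinstance(obj, list):
        yield from (u for v in obj for u in url_paths(v))

def is_internal(url):
    """True when the URL host is a literal link-local (cloud metadata), private or loopback IP."""
    try:
        ip = ip_address(urlparse(url).hostname or "")
    except ValueError:
        return False  # hostname rather than an IP literal; DNS-based tricks are out of scope here
    return ip.is_link_local or ip.is_private or ip.is_loopback

def detect(events):
    """Correlate stage 1 (URL `path` posted to /queue/join) with stage 2 (/file= cache read) per client."""
    pending, findings = {}, []
    for ev in events:
        m = CACHE_RE.match(ev["path"]) if ev["method"] == "GET" else None
        if ev["method"] == "POST" and ev["path"] == "/queue/join":
            urls = list(url_paths(json.loads(ev.get("body") or "null")))
            if urls:
                pending.setdefault(ev["src"], []).extend(urls)
                findings.append({"stage": 1, "src": ev["src"], "urls": urls,
                                 "internal": any(map(is_internal, urls))})
        elif m and ev["src"] in pending:
            findings.append({"stage": 2, "src": ev["src"], "cache_hash": m.group(1),
                             "urls": pending[ev["src"]], "status": ev["status"]})
    return findings
```

A stage-2 read with no preceding stage-1 request from the same client is deliberately not flagged, since ordinary file serving uses the same `/file=` prefix.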

CVSS provenance

nvd (v3.1): 8.6 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
nvd (v3.0): 8.6 HIGH, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
vulncheck: 8.6 HIGH
vendor_redhat: 5.5 MEDIUM