CVE-2023-47116 - Vulnerability Details - OpenCVE

Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the `SSRF_PROTECTION_ENABLED` environment variable can be bypassed to access internal web servers. This is because the current SSRF validation is done by executing a single DNS lookup to verify that the IP address is not in an excluded subnet range. This protection can be bypassed by either using HTTP redirection or performing a DNS rebinding attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Humansignal	Label Studio

Configuration 1 [-]

cpe:2.3:a:humansignal:label_studio:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/HumanSignal/label-studio/commit/55dd6af4716b92f2bb213fe461d1ffbc380c6a64
https://github.com/HumanSignal/label-studio/releases/tag/1.11.0
https://github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wj8r

History

Tue, 17 Jun 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-31T16:21:50.793Z

Updated: 2025-06-17T21:29:19.276Z

Reserved: 2023-10-30T19:57:51.674Z

Link: CVE-2023-47116

Vulnrichment

Updated: 2024-08-02T21:01:22.711Z

NVD

Status : Modified

Published: 2024-01-31T17:15:13.370

Modified: 2024-11-21T08:29:48.630

Link: CVE-2023-47116

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-47116", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-30T19:57:51.674Z", "datePublished": "2024-01-31T16:21:50.793Z", "dateUpdated": "2025-06-17T21:29:19.276Z"}, "containers": {"cna": {"title": "Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wj8r", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wj8r"}, {"name": "https://github.com/HumanSignal/label-studio/commit/55dd6af4716b92f2bb213fe461d1ffbc380c6a64", "tags": ["x_refsource_MISC"], "url": "https://github.com/HumanSignal/label-studio/commit/55dd6af4716b92f2bb213fe461d1ffbc380c6a64"}, {"name": "https://github.com/HumanSignal/label-studio/releases/tag/1.11.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/HumanSignal/label-studio/releases/tag/1.11.0"}], "affected": [{"vendor": "HumanSignal", "product": "label-studio", "versions": [{"version": "< 1.11.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-31T16:21:50.793Z"}, "descriptions": [{"lang": "en", "value": "Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the `SSRF_PROTECTION_ENABLED` environment variable can be bypassed to access internal web servers. This is because the current SSRF validation is done by executing a single DNS lookup to verify that the IP address is not in an excluded subnet range. This protection can be bypassed by either using HTTP redirection or performing a DNS rebinding attack."}], "source": {"advisory": "GHSA-p59w-9gqw-wj8r", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:01:22.711Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wj8r", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wj8r"}, {"name": "https://github.com/HumanSignal/label-studio/commit/55dd6af4716b92f2bb213fe461d1ffbc380c6a64", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/HumanSignal/label-studio/commit/55dd6af4716b92f2bb213fe461d1ffbc380c6a64"}, {"name": "https://github.com/HumanSignal/label-studio/releases/tag/1.11.0", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/HumanSignal/label-studio/releases/tag/1.11.0"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47116", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-31T20:33:12.634033Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T21:29:19.276Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wj8r", "name": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wj8r", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/HumanSignal/label-studio/commit/55dd6af4716b92f2bb213fe461d1ffbc380c6a64", "name": "https://github.com/HumanSignal/label-studio/commit/55dd6af4716b92f2bb213fe461d1ffbc380c6a64", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/HumanSignal/label-studio/releases/tag/1.11.0", "name": "https://github.com/HumanSignal/label-studio/releases/tag/1.11.0", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:01:22.711Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47116", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-31T20:33:12.634033Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T21:22:56.157Z"}}], "cna": {"title": "Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections", "source": {"advisory": "GHSA-p59w-9gqw-wj8r", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "HumanSignal", "product": "label-studio", "versions": [{"status": "affected", "version": "< 1.11.0"}]}], "references": [{"url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wj8r", "name": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wj8r", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/HumanSignal/label-studio/commit/55dd6af4716b92f2bb213fe461d1ffbc380c6a64", "name": "https://github.com/HumanSignal/label-studio/commit/55dd6af4716b92f2bb213fe461d1ffbc380c6a64", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/HumanSignal/label-studio/releases/tag/1.11.0", "name": "https://github.com/HumanSignal/label-studio/releases/tag/1.11.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the `SSRF_PROTECTION_ENABLED` environment variable can be bypassed to access internal web servers. This is because the current SSRF validation is done by executing a single DNS lookup to verify that the IP address is not in an excluded subnet range. This protection can be bypassed by either using HTTP redirection or performing a DNS rebinding attack."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-31T16:21:50.793Z"}}}, "cveMetadata": {"cveId": "CVE-2023-47116", "state": "PUBLISHED", "dateUpdated": "2025-06-17T21:29:19.276Z", "dateReserved": "2023-10-30T19:57:51.674Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-01-31T16:21:50.793Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:humansignal:label_studio:*:*:*:*:*:*:*:*", "matchCriteriaId": "27567917-A7FB-4767-B9F6-6C8D422D62E7", "versionEndExcluding": "1.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Label Studio is a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Label Studio's SSRF protections that can be enabled by setting the `SSRF_PROTECTION_ENABLED` environment variable can be bypassed to access internal web servers. This is because the current SSRF validation is done by executing a single DNS lookup to verify that the IP address is not in an excluded subnet range. This protection can be bypassed by either using HTTP redirection or performing a DNS rebinding attack."}, {"lang": "es", "value": "Label Studio es una popular herramienta de etiquetado de datos de c\u00f3digo abierto. La vulnerabilidad afecta a todas las versiones de Label Studio anteriores a la 1.11.0 y se prob\u00f3 en la versi\u00f3n 1.8.2. Las protecciones SSRF de Label Studio que se pueden habilitar configurando la variable de entorno `SSRF_PROTECTION_ENABLED` se pueden omitir para acceder a los servidores web internos. Esto se debe a que la validaci\u00f3n SSRF actual se realiza ejecutando una \u00fanica b\u00fasqueda de DNS para verificar que la direcci\u00f3n IP no est\u00e9 en un rango de subred excluido. Esta protecci\u00f3n se puede omitir utilizando la redirecci\u00f3n HTTP o realizando un ataque de vinculaci\u00f3n de DNS."}], "id": "CVE-2023-47116", "lastModified": "2024-11-21T08:29:48.630", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-31T17:15:13.370", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/HumanSignal/label-studio/commit/55dd6af4716b92f2bb213fe461d1ffbc380c6a64"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/HumanSignal/label-studio/releases/tag/1.11.0"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wj8r"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/HumanSignal/label-studio/commit/55dd6af4716b92f2bb213fe461d1ffbc380c6a64"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/HumanSignal/label-studio/releases/tag/1.11.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-p59w-9gqw-wj8r"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}