How severe is CVE-2024-47168?

This vulnerability has a severity rating of LOW with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2024-47168?

This is classified as CWE-670, which is a common weakness in software security.

CVE-2024-47168

LOW Year: 2024

CVSS v3 Score

4.3

Medium

Weakness Type

CWE-670

View all →

Vulnerability Description

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False. Even when monitoring is supposedly disabled, an attacker or unauthorized user can still access the monitoring dashboard by directly requesting the /monitoring endpoint. This means that sensitive application analytics may still be exposed, particularly in environments where monitoring is expected to be disabled. Users who set enable_monitoring=False to prevent unauthorized access to monitoring data are impacted. Users are advised to upgrade to gradio>=4.44 to address this issue. There are no known workarounds for this vulnerability.

CVE-2020-26506

MEDIUM

CVSS:4.3(Medium)

An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed f...

CWE-6702020

CVE-2020-3885

MEDIUM

CVSS:4.3(Medium)

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windo...

CWE-6702020

CVE-2024-25622

MEDIUM

CVSS:4.3(Medium)

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The conf...

CWE-6702024

CVE-2024-45298

MEDIUM

CVSS:4.3(Medium)

Wiki.js is an open source wiki app built on Node.js. A disabled user can still gain access to a wiki by abusing the password reset function. While setting up SMTP e-mail's on my server, I tested said ...

CWE-6702024

CVE-2021-3011

MEDIUM

CVSS:4.2(Medium)

An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attacker...

CWE-6702021

CVE-2024-53269

MEDIUM

CVSS:4.5(Medium)

Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has bee...

CWE-6702024

CVE-2024-47168

Vulnerability Description

Related Vulnerabilities

CVE-2020-26506

CVE-2020-3885

CVE-2024-25622

CVE-2024-45298

CVE-2021-3011

CVE-2024-53269