Open Redirect in gradio-app/gradio
Description
An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker to redirect users to a malicious website by URL-encoding the destination. This can be exploited by sending a crafted request to the application, which results in a 302 redirect to an attacker-controlled site.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An open redirect vulnerability in Gradio allows attackers to redirect users to malicious sites via crafted URL encoding.
Vulnerability
Overview
CVE-2024-8021 describes an open redirect vulnerability in Gradio, a Python library for building machine learning demos. The vulnerability stems from improper validation of user-supplied input, allowing an attacker to manipulate URL parameters so that the application redirects users to arbitrary external domains via a 302 response. This is achieved by URL-encoding the malicious destination within a request to the application.
Exploitation
An attacker can exploit this vulnerability by crafting a request that includes a URL-encoded payload targeting the redirect mechanism. No authentication is required, as the vulnerability is present in the default configuration. The attack can be performed remotely, making it accessible to any user who can interact with the Gradio application. The application returns a 302 redirect response, transparently sending the user to the attacker-controlled site.
Impact
Successful exploitation enables an attacker to redirect users to phishing pages, malware distribution sites, or other malicious destinations. This undermines the trustworthiness of the Gradio application and can lead to credential theft or further compromise. The vulnerability is classified as an open redirect, which is often used in social engineering attacks.
Mitigation
Status
As of the publication date, Gradio has not released a patch for this vulnerability. Administrators should monitor the official repository for updates and consider implementing input validation or a web application firewall to mitigate the risk. The vulnerability was reported via the Huntr bug bounty platform [3] and is acknowledged on the NVD [2].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
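As an added illustration of the input validation the status note recommends (example code, not Gradio's own and not the fix for this CVE): a redirect-target check that fully percent-decodes the value before deciding whether it is a local path, so an encoded absolute or scheme-relative URL is rejected instead of being echoed into a 302. The function names and the same-site-only policy are assumptions.

```python
"""Validate a user-supplied redirect target before issuing a 302.

Added example; not Gradio's code. Policy assumed here: only rooted,
same-site paths ("/something") are accepted, everything else falls back.
"""
from urllib.parse import unquote, urlsplit


def fully_decode(value: str, max_rounds: int = 3):
    """Percent-decode until the string stops changing.

    Returns None if it is still changing after max_rounds, so a deeply
    nested encoding is treated as hostile rather than partially decoded.
    """
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return decoded
        value = decoded
    return None


def safe_redirect_target(raw: str, fallback: str = "/") -> str:
    """Return `raw` unchanged if its decoded form is a local path, else `fallback`.

    All checks run on the decoded form: a check that only inspects the raw
    query value would pass "%2F%2Fevil.example" and let the browser decode it.
    """
    if not raw:
        return fallback
    decoded = fully_decode(raw)
    if decoded is None:
        return fallback
    # Reject control characters (CR/LF, tab, ...) that clients strip before parsing.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        return fallback
    # Browsers treat "\" like "/" when parsing URLs, so normalise before splitting.
    normalised = decoded.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme or parts.netloc:
        return fallback  # absolute URL: "https://...", "//host/...", "data:..."
    if not normalised.startswith("/") or normalised.startswith("//"):
        return fallback  # must be rooted; "//" or "///" would be read as a host
    return raw


if __name__ == "__main__":
    # Constructed inputs: the first two are accepted, the rest fall back to "/".
    for candidate in ["/dashboard", "/app?tab=1", "//example.org/",
                      "%2F%2Fexample.org", "/%5Cexample.org"]:
        print(repr(candidate), "->", safe_redirect_target(candidate))
```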
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| gradio (PyPI) | <= 4.37.2 | — |
Affected products
- gradio-app/gradio-app/gradio v5: range unspecified
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.