Cyber Posture

CVE-2024-10906

High · Public PoC

Published: 20 March 2025

Modified: 17 July 2025
KEV Added: not listed
Patch
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H)
EPSS Score: 0.0008 (23.1st percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-10906 is a high-severity CSRF (CWE-352) vulnerability in Dbgpt Db-Gpt. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious Link (T1204.001). EPSS ranks it at the 23.1st percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Other Platforms.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious Link (T1204.001). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent · CM-6 (Configuration Settings): Establishes and enforces secure configuration settings for web server middleware like CORSMiddleware to restrict Access-Control-Allow-Origin to trusted origins, directly preventing the CSRF vulnerability.

prevent · SI-2 (Flaw Remediation): Requires timely identification, reporting, and remediation of the specific CSRF flaw in db-gpt version 0.6.0 through patching or upgrading.

prevent: Protects the authenticity of communications sessions against CSRF attacks that forge user requests to server endpoints.

MITRE ATT&CK Enterprise Techniques · AI

T1204.001 Malicious Link (tactic: Execution)
An adversary may rely upon a user clicking a malicious link in order to gain execution.

Why these techniques?

The CSRF vulnerability enables attackers to perform unauthorized actions on server endpoints by tricking authenticated users into visiting a malicious site/link, which forges cross-origin requests using the victim's session; this directly maps to the Malicious Link technique.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

In version 0.6.0 of eosphoros-ai/db-gpt, the `uvicorn` app created by `dbgpt_server` uses an overly permissive instance of `CORSMiddleware` which sets the `Access-Control-Allow-Origin` to `*` for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forgery (CSRF). An attacker can exploit this vulnerability to interact with any endpoints of the instance, even if the instance is not publicly exposed to the network.

Deeper analysis · AI

CVE-2024-10906 is a Cross-Site Request Forgery (CSRF) vulnerability affecting version 0.6.0 of eosphoros-ai/db-gpt. The issue stems from the uvicorn application created by dbgpt_server, which employs an overly permissive CORSMiddleware configuration. This sets the Access-Control-Allow-Origin header to "*" for all requests, exposing all server endpoints to CSRF attacks. The vulnerability is classified under CWE-352 with a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H).

Attackers can exploit this vulnerability over the network, without privileges and with low attack complexity, but it requires user interaction, such as tricking a victim into visiting a malicious site. Even if the db-gpt instance is not publicly exposed, an attacker can force the victim's browser to interact with any endpoints on the server, potentially leading to high integrity and availability impacts, such as unauthorized actions or disruptions.

The primary advisory is available at https://huntr.com/bounties/8864aca5-a342-4dab-b866-b2882ba6f160, which details the vulnerability discovered through a bug bounty program. Practitioners should consult this reference for specific patch information or mitigation guidance, such as restricting CORS origins or upgrading to a fixed version if available. The CVE was published on 2025-03-20.
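To make the misconfiguration concrete, here is an added example (not db-gpt or Starlette code) that models the origin decision a CORSMiddleware-style component makes, placing the wildcard policy from the advisory beside an explicit allowlist. The hostnames, the CorsPolicy class and the cookie-echo rule (which mirrors how Starlette's CORSMiddleware treats wildcard origins) are assumptions of the example, not details from the advisory.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class CorsPolicy:
    """Subset of the settings a CORSMiddleware-style component takes (model, not the library)."""
    allow_origins: list = field(default_factory=list)
    allow_credentials: bool = False

    def allowed_origin(self, origin: str, has_cookie: bool = False) -> Optional[str]:
        """Value the server would put in Access-Control-Allow-Origin, or None to refuse."""
        if "*" in self.allow_origins:
            # Wildcard: any Origin passes the preflight. When the request already
            # carries a cookie, the middleware echoes the caller's origin instead
            # of "*", so the browser accepts the response with the session attached.
            return origin if has_cookie else "*"
        if origin in self.allow_origins:
            return origin
        return None  # unknown origin: no header, the browser blocks the cross-site call


def response_headers(policy: CorsPolicy, origin: str, has_cookie: bool = False) -> dict:
    """CORS headers a response would carry for a request sent from `origin`."""
    allowed = policy.allowed_origin(origin, has_cookie)
    if allowed is None:
        return {}
    headers = {"Access-Control-Allow-Origin": allowed}
    if policy.allow_credentials:
        headers["Access-Control-Allow-Credentials"] = "true"
    if allowed != "*":
        headers["Vary"] = "Origin"  # a cache must not reuse one origin's answer for another
    return headers


def reachable_from(policy: CorsPolicy, origins: list) -> list:
    """Origins whose pages a browser would let call the API under this policy."""
    return [o for o in origins if policy.allowed_origin(o) is not None]


# Constructed policies: the 0.6.0 shape described in the advisory, and an allowlist.
WEAK = CorsPolicy(allow_origins=["*"])
HARDENED = CorsPolicy(allow_origins=["https://dbgpt.internal.example"], allow_credentials=True)

# Constructed sample origins, including the "null" origin a sandboxed frame sends.
CANDIDATES = ["https://dbgpt.internal.example", "https://hostile.example", "null"]

if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, reachable_from(policy, CANDIDATES))
```

Running the audit against a real deployment means checking the allow_origins value actually passed to the middleware, not just the headers of one request, because the cookie-echo branch only shows up when a session cookie is present.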

Details

CWE(s): CWE-352 (Cross-Site Request Forgery)

Affected Products: dbgpt db-gpt 0.6.0

AI Security Analysis · AI

AI Category: Other Platforms
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Regex match

CVEs Like This One

CVE-2024-10902 · Same product: Dbgpt Db-Gpt
CVE-2024-10835 · Same product: Dbgpt Db-Gpt
CVE-2024-10901 · Same product: Dbgpt Db-Gpt
CVE-2025-28867 · Shared CWE-352
CVE-2026-41347 · Shared CWE-352
CVE-2026-39671 · Shared CWE-352
CVE-2024-57373 · Shared CWE-352
CVE-2025-28856 · Shared CWE-352
CVE-2025-25769 · Shared CWE-352
CVE-2025-26550 · Shared CWE-352

References