CVE-2024-4254
Published: 04 June 2024
Summary
CVE-2024-4254 is a high-severity Invocation of Process Using Visible Sensitive Information (CWE-214) vulnerability in Gradio (Gradio Project). Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Poisoned Pipeline Execution (T1677). It ranks in the top 39.4% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other Platforms; in the Supply Chain and Deployment risk domain; MITRE ATLAS techniques in scope: AI Supply Chain Compromise (AML.T0010).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-32806
Vulnerability details
The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which is unsafe as it allows the running of untrusted code in an environment with access to push to the base repository and access secrets. This flaw could lead to the exfiltration of sensitive secrets such as GITHUB_TOKEN, HF_TOKEN, VERCEL_ORG_ID, VERCEL_PROJECT_ID, COMMENT_TOKEN, AWSACCESSKEYID, AWSSECRETKEY, and VERCEL_TOKEN. The vulnerability is present in the workflow file located at https://github.com/gradio-app/gradio/blob/72f4ca88ab569aae47941b3fb0609e57f2e13a27/.github/workflows/deploy-website.yml.
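The pattern the description refers to, shown as an added example that is not Gradio's own workflow (the real file is linked above; nothing below is copied from it). The page does not say which trigger the workflow used; this example assumes `pull_request_target`, the GitHub Actions event that runs a job for a fork's pull request in the base repository's context, with repository secrets in scope and a write-capable GITHUB_TOKEN. Workflow names, job names, the build commands, the `deploy.sh` script and the artifact name are constructed; only the secret name VERCEL_TOKEN comes from the description. The first document shows the risky shape; the two that follow show the usual split that keeps fork code and secrets in separate jobs.

```yaml
# --- CONSTRUCTED example of the risky pattern (not the Gradio workflow) ---
# pull_request_target runs in the base repository's context: secrets resolve
# and GITHUB_TOKEN can write to the repo. Checking out and executing the
# fork's code here hands every step the fork controls the same access.
name: deploy-preview-unsafe
on:
  pull_request_target:

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      # Explicit checkout of the fork's head commit ...
      - uses: actions/checkout@v4
        with:
          repository: ${{ github.event.pull_request.head.repo.full_name }}
          ref: ${{ github.event.pull_request.head.sha }}
      # ... followed by execution of its build scripts (package.json scripts,
      # install hooks, anything the PR author edited) with a secret in scope.
      - run: npm ci && npm run build
        env:
          VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
---
# --- CONSTRUCTED hardened version, part 1: .github/workflows/build-preview.yml ---
# Untrusted code builds under the plain pull_request event: no repository
# secrets are available to forks, and the token is pinned to read-only.
name: build-preview
on:
  pull_request:
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4          # fork's merge commit; nothing sensitive is in scope
      - run: npm ci && npm run build
      - uses: actions/upload-artifact@v4   # hand the output over as data, not as code to run
        with:
          name: site
          path: dist
---
# --- CONSTRUCTED hardened version, part 2: .github/workflows/deploy-preview.yml ---
# Runs in the base repository's context (secrets available) only after the
# build finished, and never checks out or executes the fork's code: it checks
# out the base branch for the deploy script and treats the artifact as files.
name: deploy-preview
on:
  workflow_run:
    workflows: [build-preview]
    types: [completed]
permissions:
  contents: read

jobs:
  deploy:
    if: github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4          # base repository's default branch, not the fork
      - uses: actions/download-artifact@v4
        with:
          name: site
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          path: dist
      # deploy.sh is a constructed placeholder for the base repo's own deploy step.
      - run: ./scripts/deploy.sh dist
        env:
          VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
```

The split works because the trust boundary moves from "which event triggered the job" to "which job can read secrets": the job that runs the fork's code has none, and the job that has them only reads the artifact as static files. When reviewing a repository for this class of issue, the things to look for are a `pull_request_target` or `workflow_run` trigger combined with a checkout of `github.event.pull_request.head.sha` (or the fork's `head.repo`) followed by any step that executes repository content, such as package installs, build scripts or tests.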
- CWE(s): CWE-214 (Invocation of Process Using Visible Sensitive Information)
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Gradio is an open-source Python library for creating web interfaces for machine learning models, fitting under Other Platforms as a deployment and demo tool for AI/ML applications. The vulnerability is in its GitHub repository's CI/CD workflow.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows execution of untrusted code from forks/PRs in a GitHub Actions workflow (T1677: Poisoned Pipeline Execution), enabling compromise of the software supply chain (T1195.002) and theft of unsecured CI/CD secrets such as tokens (T1552).
MITRE ATLAS Techniques
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.