CVE-2024-47168
Published: 10 October 2024
Summary
CVE-2024-47168 is a low-severity Always-Incorrect Control Flow Implementation (CWE-670) vulnerability in Gradio Project Gradio. Its CVSS base score is 2.3 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 36.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other Platforms; in the Privacy and Disclosure risk domain; MITRE ATLAS techniques in scope: Obtain Capabilities (AML.T0016), Unsecured Credentials (AML.T0055), Publish Poisoned Models (AML.T0058).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-0066
Vulnerability details
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False. Even when monitoring is supposedly disabled, an attacker or unauthorized user can…
more
still access the monitoring dashboard by directly requesting the /monitoring endpoint. This means that sensitive application analytics may still be exposed, particularly in environments where monitoring is expected to be disabled. Users who set enable_monitoring=False to prevent unauthorized access to monitoring data are impacted. Users are advised to upgrade to gradio>=4.44 to address this issue. There are no known workarounds for this vulnerability.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Other Platforms
- Risk Domain
- Privacy and Disclosure
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Gradio is an open-source Python package for quick prototyping of web interfaces for machine learning models, fitting as an 'Other Platforms' category in the AI ecosystem.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability in Gradio enables unauthorized access to sensitive monitoring data via direct requests to the /monitoring endpoint on potentially public-facing web applications, facilitating exploitation of public-facing applications.
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.