CVE-2024-47871
Published: 10 October 2024
Summary
CVE-2024-47871 is a high-severity Missing Encryption of Sensitive Data (CWE-311) vulnerability in Gradio Project Gradio. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040). It ranks at the 24.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other Platforms; in the Privacy and Disclosure risk domain; MITRE ATLAS techniques in scope: Obtain Capabilities (AML.T0016), Manipulate AI Model (AML.T0018), Exfiltration via AI Inference API (AML.T0024).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-0074
Vulnerability details
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio's `share=True` option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files uploaded to the Gradio server, as well as modify responses or data sent between the client and server. This impacts users who are sharing Gradio demos publicly over the internet using `share=True` without proper encryption, exposing sensitive data to potential eavesdroppers. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can avoid using `share=True` in production environments and instead host their Gradio applications on servers with HTTPS enabled to ensure secure communication.
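One way to audit a code base for the exposure described above, as an added example that is not part of the advisory or the Gradio project: it statically finds `.launch()` calls that pass `share`, and checks a version string against the `gradio>=5` fix line. The function names and the sample source are constructed for illustration, and the match on any method named `launch` is a heuristic.

```python
import ast
from importlib import metadata

# Constructed sample source, standing in for a project file under audit.
SAMPLE = '''
import gradio as gr
demo = gr.Interface(fn=lambda x: x, inputs="file", outputs="text")
demo.launch(share=True)
demo.launch(server_name="127.0.0.1")
demo.launch(share=use_tunnel)
'''

def find_share_launches(source, filename="<src>"):
    """Return sorted (line, verdict) pairs for .launch() calls that may open a share tunnel."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "launch"):
            continue
        for kw in node.keywords:
            if kw.arg != "share":          # also skips **kwargs (arg is None)
                continue
            if isinstance(kw.value, ast.Constant):
                if kw.value.value is True:
                    findings.append((node.lineno, "share=True"))
            else:
                # Value decided at runtime (variable, env lookup): needs a human.
                findings.append((node.lineno, "share set dynamically, review"))
    return sorted(findings)

def is_fixed_version(version):
    """True when the major version is 5 or later, the release line the advisory names."""
    try:
        return int(version.split(".")[0]) >= 5
    except (ValueError, AttributeError):
        return False

if __name__ == "__main__":
    for line, verdict in find_share_launches(SAMPLE):
        print(f"line {line}: {verdict}")
    try:
        installed = metadata.version("gradio")
    except metadata.PackageNotFoundError:
        installed = None
    print("installed gradio:", installed, "fixed:", is_fixed_version(installed))
```
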
- CWE(s)
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Privacy and Disclosure
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Gradio is an open-source platform for building and sharing interactive web demos for machine learning models, fitting under 'Other Platforms' as it provides UI and sharing capabilities for AI/ML prototypes, not a framework, library, or specific AI subdomain like NLP or CV.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Insecure unencrypted communication between FRP client and server enables network sniffing (T1040), adversary-in-the-middle interception and modification (T1557), and transmitted data manipulation (T1565.002).
MITRE ATLAS Techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Privacy and security training stresses encryption of sensitive data, reducing missing encryption weaknesses.
Exchange agreements must document security requirements, which would include encryption to protect sensitive data in transit.
The map highlights data actions that involve sensitive data, enabling identification of missing encryption requirements.
Settings can require encryption of sensitive data, preventing missing encryption weaknesses.
Architectures must describe confidentiality protections, which includes mandating encryption for sensitive data in transit and at rest.
Privacy and security curricula stress encryption requirements, reducing missing encryption of sensitive data.
Requires encryption and similar controls for CUI processed or stored externally, preventing missing encryption of sensitive data.
Monitoring detects missing encryption of sensitive data in storage or transit configurations.