Cyber Resilience

CVE-2024-47871

High

Published: 10 October 2024

Published
10 October 2024
Modified
17 October 2024
KEV Added
Patch
CVSS Score v4 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0008 24.2th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-47871 is a high-severity Missing Encryption of Sensitive Data (CWE-311) vulnerability in Gradio Project Gradio. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040); ranked at the 24.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Other Platforms; in the Privacy and Disclosure risk domain; MITRE ATLAS techniques in scope: Obtain Capabilities (AML.T0016), Manipulate AI Model (AML.T0018), Exfiltration via AI Inference API (AML.T0024).

EU & UK References

Vulnerability details

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio's `share=True` option is used. HTTPS is not enforced on the connection, allowing attackers to…

more

intercept and read files uploaded to the Gradio server, as well as modify responses or data sent between the client and server. This impacts users who are sharing Gradio demos publicly over the internet using `share=True` without proper encryption, exposing sensitive data to potential eavesdroppers. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can avoid using `share=True` in production environments and instead host their Gradio applications on servers with HTTPS enabled to ensure secure communication.

CWE(s)

AI Security AnalysisAI

AI Category
Other Platforms
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Gradio is an open-source platform for building and sharing interactive web demos for machine learning models, fitting under 'Other Platforms' as it provides UI and sharing capabilities for AI/ML prototypes, not a framework, library, or specific AI subdomain like NLP or CV.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1040 Network Sniffing Credential Access
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.
T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
T1565.002 Transmitted Data Manipulation Impact
Adversaries may alter data en route to storage or other systems in order to manipulate external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

Insecure unencrypted communication between FRP client and server enables network sniffing (T1040), adversary-in-the-middle interception and modification (T1557), and transmitted data manipulation (T1565.002).

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0016: Obtain CapabilitiesAML.T0018: Manipulate AI ModelAML.T0024: Exfiltration via AI Inference APIAML.T0051: LLM Prompt Injection

Affected Assets

gradio project
gradio
≤ 5.0.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-311

Privacy and security training stresses encryption of sensitive data, reducing missing encryption weaknesses.

addresses: CWE-311

Exchange agreements must document security requirements, which would include encryption to protect sensitive data in transit.

addresses: CWE-311

The map highlights data actions that involve sensitive data, enabling identification of missing encryption requirements.

addresses: CWE-311

Settings can require encryption of sensitive data, preventing missing encryption weaknesses.

addresses: CWE-311

Architectures must describe confidentiality protections, which includes mandating encryption for sensitive data in transit and at rest.

addresses: CWE-311

Privacy and security curricula stress encryption requirements, reducing missing encryption of sensitive data.

addresses: CWE-311

Requires encryption and similar controls for CUI processed or stored externally, preventing missing encryption of sensitive data.

addresses: CWE-311

Monitoring detects missing encryption of sensitive data in storage or transit configurations.

References