CVE-2023-43791
📋 TL;DR
CVE-2023-43791 is a privilege escalation vulnerability in Label Studio that allows attackers to chain an ORM leak vulnerability with other flaws to impersonate any account, including Django Super Administrator. This affects all Label Studio installations before version 1.8.2. Attackers with low-privilege access can gain full administrative control over the system.
💻 Affected Systems
- Label Studio
📦 What is this software?
Label Studio by Humansignal
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise where attackers gain super administrator privileges, allowing them to access all data, modify configurations, execute arbitrary code, and potentially pivot to other systems.
Likely Case
Attackers with existing low-privilege access escalate to administrative privileges, enabling data theft, system manipulation, and persistence establishment.
If Mitigated
With proper network segmentation and access controls, impact is limited to the Label Studio instance, preventing lateral movement to other systems.
🎯 Exploit Status
Requires chaining with ORM leak vulnerability and some level of initial access, but detailed technical information is publicly available in the advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.8.2
Vendor Advisory: https://github.com/HumanSignal/label-studio/security/advisories/GHSA-f475-x83m-rx5m
Restart Required: Yes
Instructions:
1. Back up your Label Studio data and configuration.
2. Update to version 1.8.2 or later using pip: pip install "label-studio>=1.8.2" (the quotes stop the shell from treating >= as an output redirection).
3. Restart the Label Studio service.
4. Verify the update was successful.
🔧 Temporary Workarounds
Network Isolation
Restrict network access to Label Studio to only trusted users and networks
Access Control Hardening
Implement strict access controls and monitor for suspicious privilege escalation attempts
🧯 If You Can't Patch
- Isolate the Label Studio instance in a separate network segment with strict firewall rules
- Implement multi-factor authentication and monitor all administrative actions closely
🔍 How to Verify
Check if Vulnerable:
Check Label Studio version: If version is less than 1.8.2, the system is vulnerable.
Check Version:
python -c "import label_studio; print(label_studio.__version__)"
Verify Fix Applied:
Verify Label Studio version is 1.8.2 or higher and test that privilege escalation attempts fail.
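The version check above is easy to get wrong with a plain string comparison (for example "1.10.0" sorts before "1.8.2" as text). The following script is an added example, not code from the advisory or from the Label Studio project; it reads the installed distribution version with importlib.metadata and compares it numerically against the 1.8.2 fix version, treating pre-release builds of 1.8.2 as still affected.

```python
"""Report whether the installed Label Studio predates the CVE-2023-43791 fix (1.8.2).

Added example; not from the advisory or the Label Studio project.
"""
import re
from importlib import metadata
from typing import Optional, Tuple

FIXED_VERSION = "1.8.2"  # first fixed release per the advisory


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.8.2', '1.10.0', '1.8' or '1.8.2rc1' into a numerically comparable tuple.

    Leading dotted integers are compared numerically, so 1.10.0 > 1.8.2.
    Missing components are padded with 0 so that 1.8 == 1.8.0.
    A pre-release marker (a, b, rc, dev) sorts before the final release.
    """
    m = re.match(r"^v?(\d+(?:\.\d+)*)(.*)$", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))
    pre = -1 if re.match(r"^[.\-]?(a|b|rc|dev)", m.group(2)) else 0
    return tuple(nums) + (pre,)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly older than the fixed release."""
    return parse_version(installed) < parse_version(fixed)


def installed_label_studio_version() -> Optional[str]:
    """Version of the installed label-studio distribution, or None if absent."""
    try:
        return metadata.version("label-studio")
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    ver = installed_label_studio_version()
    if ver is None:
        print("label-studio is not installed in this Python environment")
    elif is_vulnerable(ver):
        print(f"label-studio {ver} is affected by CVE-2023-43791; upgrade to >= {FIXED_VERSION}")
    else:
        print(f"label-studio {ver} includes the fix for CVE-2023-43791")
```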
📡 Detection & Monitoring
Log Indicators:
- Unusual privilege escalation events
- Multiple failed authentication attempts followed by successful admin login
- User account modifications from non-admin accounts
Network Indicators:
- Unusual API calls to user management endpoints
- Requests to ORM-related endpoints from unexpected sources
SIEM Query:
source="label-studio" AND (event_type="user_privilege_change" OR event_type="admin_login" OR event_type="account_impersonation")
🔗 References
- https://github.com/HumanSignal/label-studio/commit/3d06c5131c15600621e08b06f07d976887cde81b
- https://github.com/HumanSignal/label-studio/pull/4690
- https://github.com/HumanSignal/label-studio/releases/tag/1.8.2
- https://github.com/HumanSignal/label-studio/security/advisories/GHSA-f475-x83m-rx5m