CVE-2023-46315

7.5 HIGH

📋 TL;DR

This vulnerability in the Infinite Image Browsing extension for Stable Diffusion web UI allows remote attackers to read any local file on the server when Gradio authentication is enabled without proper secret key configuration. Attackers can exploit this via the /file?path= URL parameter to access sensitive files like /proc/self/environ containing credentials. Users running vulnerable versions of this extension with improper authentication settings are affected.

💻 Affected Systems

Products:
  • zanllp sd-webui-infinite-image-browsing (Infinite Image Browsing extension)
Versions: All versions before commit 977815a
Operating Systems: All operating systems running the vulnerable extension
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when Gradio authentication is enabled without proper secret key configuration. Default installations without authentication are not vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through credential theft, privilege escalation, and exfiltration of sensitive files including configuration files, SSH keys, and database credentials.

🟠 Likely Case: Unauthorized access to sensitive configuration files and environment variables, leading to credential exposure and potential lateral movement within the network.

🟢 If Mitigated: No impact when proper authentication with a secret key is configured or when the extension is not internet-facing.

🌐 Internet-Facing: HIGH - Direct file read vulnerability that can be exploited remotely without authentication when improperly configured.
🏢 Internal Only: MEDIUM - Still exploitable by internal attackers or through compromised internal systems, but requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only HTTP requests to the vulnerable endpoint. The issue description includes specific exploitation examples like reading /proc/self/environ.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 977815a and later

Vendor Advisory: https://github.com/zanllp/sd-webui-infinite-image-browsing/issues/387

Restart Required: Yes

Instructions:

1. Update the extension to commit 977815a or later.
2. Pull the latest changes: git pull origin main
3. Restart the Stable Diffusion web UI service.

🔧 Temporary Workarounds

Disable Gradio Authentication (platforms: all)

Temporarily disable Gradio authentication until the patch can be applied. Modify webui-user.bat or webui-user.sh to remove the --gradio-auth flag.

Configure Secret Key Properly (platforms: all)

Ensure Gradio authentication uses a strong secret key:

webui-user.bat --gradio-auth username:password --gradio-key your-strong-secret-key

🧯 If You Can't Patch

  • Isolate the service behind a firewall and restrict access to trusted IPs only
  • Implement network-level file access controls and disable the extension entirely

🔍 How to Verify

Check if Vulnerable:

Check whether the extension is at a commit before 977815a AND Gradio authentication is enabled without a secret key configured.

Check Version:

cd extensions/sd-webui-infinite-image-browsing && git log --oneline -1

Verify Fix Applied:

Verify that the extension is at commit 977815a or later: git log --oneline -1

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /file?path= with unusual file paths
  • Access to /proc/self/environ or other sensitive paths

Network Indicators:

  • Unusual file read patterns via HTTP GET requests
  • Traffic to sensitive file paths from unauthorized sources

SIEM Query:

http.url:"/file?path=" AND (http.status:200 OR http.status:403)
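A log scan for the indicators listed above, added here as an example and not part of the advisory or the extension's own code. The allowed output directory, the sensitive-path list and the sample access-log lines are constructed assumptions; the check percent-decodes and normalizes the path parameter so encoded or traversal variants of the same request are flagged.

```python
import re
import posixpath
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed: the only directory the image browser should legitimately serve from.
ALLOWED_ROOTS = ("/srv/sd-webui/outputs/",)
# Locations an image browser has no business reading.
SENSITIVE_PREFIXES = ("/proc/", "/etc/", "/root/", "/home/")

# Common Log Format; only client IP, request URI and status are used.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)

def classify(uri):
    """Return a reason if the URI is a suspicious /file?path= request, else None."""
    parts = urlsplit(uri)
    if parts.path != "/file":
        return None
    values = parse_qs(parts.query).get("path")
    if not values:
        return None
    # parse_qs already decoded once; decode again to catch double encoding,
    # then collapse ../ segments so the check sees the path the server would open.
    path = posixpath.normpath(unquote(values[0]))
    if path.startswith(SENSITIVE_PREFIXES):
        return "sensitive path: " + path
    if not path.startswith(ALLOWED_ROOTS):
        return "path outside allowed roots: " + path
    return None

def scan_log(lines):
    """Return (client_ip, status, reason) for every suspicious /file request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            reason = classify(m["uri"])
            if reason:
                hits.append((m["ip"], int(m["status"]), reason))
    return hits

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:12:00:01 +0000] "GET /file?path=/srv/sd-webui/outputs/txt2img/00001.png HTTP/1.1" 200 51234',
    '203.0.113.9 - - [10/Oct/2023:12:00:02 +0000] "GET /file?path=/proc/self/environ HTTP/1.1" 200 1870',
    '203.0.113.9 - - [10/Oct/2023:12:00:03 +0000] "GET /file?path=/srv/sd-webui/outputs/..%2F..%2F..%2Fproc%2Fself%2Fenviron HTTP/1.1" 403 0',
    '198.51.100.2 - - [10/Oct/2023:12:00:04 +0000] "GET /sdapi/v1/options HTTP/1.1" 200 900',
]
```

Running scan_log(SAMPLE_LOG) flags the second and third lines only; a 403 still indicates a probe even though the server refused it, which is why the SIEM query above includes both status codes.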
