CVE-2024-11044
📋 TL;DR
An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows attackers to redirect users to malicious websites via crafted URLs. This affects all users running the vulnerable version of the web interface. The vulnerability enables phishing, malware distribution, and credential theft attacks.
💻 Affected Systems
- automatic1111/stable-diffusion-webui
📦 What is this software?
Stable Diffusion Webui by Automatic1111
⚠️ Risk & Real-World Impact
Worst Case
Users are redirected to sophisticated phishing sites that steal credentials, install malware, or compromise their systems, leading to account takeover, data theft, or ransomware infection.
Likely Case
Attackers use the vulnerability for phishing campaigns to steal user credentials or distribute adware/malware through malicious redirects.
If Mitigated
With proper user awareness and browser security controls, users might recognize suspicious redirects, limiting successful attacks to less vigilant users.
🎯 Exploit Status
Exploitation requires tricking users into clicking malicious links but is technically simple to implement.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.10.1 or later
Vendor Advisory: https://github.com/AUTOMATIC1111/stable-diffusion-webui/security/advisories
Restart Required: Yes
Instructions:
1. Backup your configuration and models.
2. Update to version 1.10.1 or later using git pull or download the latest release.
3. Restart the webui service.
🔧 Temporary Workarounds
Input Validation Filter
Add server-side validation that rejects redirect parameters whose target is an external domain.
Modify webui.py to validate redirect URLs against an allowlist before processing.
Reverse Proxy Filtering
Configure the reverse proxy (nginx/apache) to block requests with suspicious redirect parameters.
Add a location block in nginx that denies requests whose 'redirect=' parameter points to an external domain.
🧯 If You Can't Patch
- Restrict access to the webui to trusted networks only using firewall rules.
- Implement client-side browser extensions that warn about open redirects.
🔍 How to Verify
Check if Vulnerable:
Check if running version 1.10.0 by examining the webui interface or version file.
Check Version:
grep 'version' webui.py or check the web interface footer.
Verify Fix Applied:
After updating, confirm version is 1.10.1+ and test that redirects to external domains are blocked.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests with 'redirect=' parameter containing external domains
- Unusual redirect patterns in access logs
Network Indicators:
- Outbound connections to unexpected domains following redirects
- Increased traffic to known phishing domains
SIEM Query:
source="webui_access.log" AND "redirect=" AND NOT "redirect=localhost"
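As an added illustration of both the allowlist validation suggested under Temporary Workarounds and the log-based detection above (example code, not from the stable-diffusion-webui project), the following Python checks a redirect target the way a server-side filter would and then applies the same check to constructed access-log lines. The query parameter name `redirect`, the allowlisted hosts and the combined-log-format lines are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Hosts the web UI may legitimately redirect to (constructed allowlist; adjust per deployment).
ALLOWED_HOSTS = {"localhost", "127.0.0.1"}

def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept only site-relative paths or absolute http(s) URLs on an allowlisted host.
    Rejects other hosts, protocol-relative '//evil.example', backslash variants
    '/\\evil.example' and non-http schemes such as javascript:."""
    if not target:
        return False
    # Browsers treat '/\evil.example' like '//evil.example', so normalise before parsing.
    candidate = target.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False
    if parts.netloc:
        return parts.hostname in allowed_hosts
    # No host component: must be a plain site-relative path, not protocol-relative.
    return candidate.startswith("/") and not candidate.startswith("//")

def flag_external_redirects(log_lines, allowed_hosts=ALLOWED_HOSTS):
    """Return access-log lines whose 'redirect' query parameter fails is_safe_redirect.
    The request target is parsed and percent-decoded, so encoded targets such as
    https%3A%2F%2Fevil.example are caught as well as literal ones."""
    flagged = []
    for line in log_lines:
        match = re.search(r'"(?:GET|POST|HEAD) (\S+) HTTP/', line)
        if not match:
            continue
        params = parse_qs(urlsplit(match.group(1)).query)
        if any(not is_safe_redirect(v, allowed_hosts) for v in params.get("redirect", [])):
            flagged.append(line)
    return flagged

# Constructed sample log lines (not real traffic); only lines 2 and 3 should be flagged.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /?redirect=%2Fsettings HTTP/1.1" 302 0',
    '10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /?redirect=//evil.example/login HTTP/1.1" 302 0',
    '10.0.0.7 - - [01/Jan/2025:10:00:02 +0000] "GET /?redirect=https%3A%2F%2Fevil.example HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Jan/2025:10:00:03 +0000] "GET /?redirect=http://localhost/settings HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in flag_external_redirects(SAMPLE_LOG):
        print("suspicious redirect:", hit)
```

The literal-match SIEM query above treats any value beginning with 'localhost' as benign (so a target such as 'localhost.evil.example' slips through) and does not decode percent-encoding; decoding the parameter and comparing the parsed hostname against an allowlist, as the block does, closes both gaps.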