CVE-2024-31462

MEDIUM

Stable-diffusion-webui <1.7.0 - Path Traversal

Title source: llm

Description

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access.

References (10)

Core 10

Core References

Various Sources x_refsource_confirm

https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/

Patch x_refsource_misc

https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43

View Patch ZIP pw:eip

Various Sources x_refsource_misc

https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59

View Writeup ZIP pw:eip

Various Sources x_refsource_misc

https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660

View Writeup ZIP pw:eip

Various Sources x_refsource_misc

https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65

View Writeup ZIP pw:eip

Various Sources x_refsource_misc

https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653

View Writeup ZIP pw:eip

Various Sources x_refsource_misc

https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67

View Writeup ZIP pw:eip

Various Sources x_refsource_misc

https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py

View Writeup ZIP pw:eip

Various Sources x_refsource_misc

https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461

Various Sources x_refsource_misc

https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui

Scores

CVSS v3 6.3

EPSS 0.0024

EPSS Percentile 47.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

AUTOMATIC1111/stable-diffusion-webui <= 1.8.0

Published Apr 12, 2024

Tracked Since Feb 18, 2026