CVE-2024-11045

A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at ws://127.0.0.1:7860/queue/join, enabling unauthorized actions on the server. This can lead to unauthorized cloning of server extensions, execution of malicious scripts, data exfiltration, and potential denial of service (DoS).

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://huntr.com/bounties/b7ed0d87-0be5-4526-9b21-ffe0d39c283e	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:automatic1111:stable-diffusion-webui:1.10.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-20 10:15

Updated : 2025-08-05 16:26

NVD link : CVE-2024-11045

Mitre link : CVE-2024-11045

CVE.ORG link : CVE-2024-11045

JSON object : View

Products Affected

automatic1111

stable-diffusion-webui

CWE

CWE-284

Improper Access Control

CWE-346

Origin Validation Error

{"id": "CVE-2024-11045", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}]}, "published": "2025-03-20T10:15:23.873", "references": [{"url": "https://huntr.com/bounties/b7ed0d87-0be5-4526-9b21-ffe0d39c283e", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-346"}]}], "descriptions": [{"lang": "en", "value": "A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at ws://127.0.0.1:7860/queue/join, enabling unauthorized actions on the server. This can lead to unauthorized cloning of server extensions, execution of malicious scripts, data exfiltration, and potential denial of service (DoS)."}, {"lang": "es", "value": "Una vulnerabilidad de Cross-Site WebSocket Hijacking (CSWSH) en automatic1111/stable-diffusion-webui versi\u00f3n 1.10.0 permite a un atacante clonar una extensi\u00f3n de servidor maliciosa desde un repositorio de GitHub. La vulnerabilidad se debe a la falta de una validaci\u00f3n adecuada de las conexiones WebSocket en ws://127.0.0.1:7860/queue/join, lo que permite acciones no autorizadas en el servidor. Esto puede provocar la clonaci\u00f3n no autorizada de extensiones de servidor, la ejecuci\u00f3n de scripts maliciosos, la exfiltraci\u00f3n de datos y una posible denegaci\u00f3n de servicio (DoS)."}], "lastModified": "2025-08-05T16:26:33.160", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:automatic1111:stable-diffusion-webui:1.10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2770C0D5-C2C6-4775-BA35-5E50ED159DD1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}