{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-27T03:04:59.109","vulnerabilities":[{"cve":{"id":"CVE-2023-43791","sourceIdentifier":"security-advisories@github.com","published":"2023-11-09T15:15:08.743","lastModified":"2026-06-17T06:26:27.070","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges from a low privilege user to a Django Super Administrator user. The vulnerability was found to affect versions before `1.8.2`, where a patch was introduced."},{"lang":"es","value":"Label Studio es una herramienta de anotación y etiquetado de datos de varios tipos con formato de salida estandarizado. Existe una vulnerabilidad que se puede encadenar dentro de la vulnerabilidad ORM Leak para hacerse pasar por cualquier cuenta en Label Studio. Un atacante podría aprovechar estas vulnerabilidades para escalar sus privilegios de un usuario con permisos bajos a un usuario súper administrador de Django. Se descubrió que la vulnerabilidad afectaba a versiones anteriores a la \"1.8.2\", donde se introdujo un parche."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"HumanSignal","product":"label-studio","versions":[{"version":"<= 1.8.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-09-03T18:43:34.308098Z","id":"CVE-2023-43791","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:humansignal:label_studio:*:*:*:*:*:*:*:*","versionEndExcluding":"1.8.2","matchCriteriaId":"ACEFE38F-DAA5-4450-9527-0669A8790ADC"}]}]}],"references":[{"url":"https://github.com/HumanSignal/label-studio/commit/3d06c5131c15600621e08b06f07d976887cde81b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/HumanSignal/label-studio/pull/4690","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/HumanSignal/label-studio/releases/tag/1.8.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/HumanSignal/label-studio/security/advisories/GHSA-f475-x83m-rx5m","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/HumanSignal/label-studio/commit/3d06c5131c15600621e08b06f07d976887cde81b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/HumanSignal/label-studio/pull/4690","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/HumanSignal/label-studio/releases/tag/1.8.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://github.com/HumanSignal/label-studio/security/advisories/GHSA-f475-x83m-rx5m","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}}]}