AVID-2026-R1522

Description

Secrets Exfiltration in gradio-app/gradio (CVE-2024-4254)

Details

The ‘deploy-website.yml’ workflow in the gradio-app/gradio repository, specifically in the ‘main’ branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow’s explicit checkout and execution of code from a fork, which is unsafe as it allows the running of untrusted code in an environment with access to push to the base repository and access secrets. This flaw could lead to the exfiltration of sensitive secrets such as GITHUB_TOKEN, HF_TOKEN, VERCEL_ORG_ID, VERCEL_PROJECT_ID, COMMENT_TOKEN, AWSACCESSKEYID, AWSSECRETKEY, and VERCEL_TOKEN. The vulnerability is present in the workflow file located at https://github.com/gradio-app/gradio/blob/72f4ca88ab569aae47941b3fb0609e57f2e13a27/.github/workflows/deploy-website.yml.

Reason for inclusion in AVID: CVE-2024-4254 describes a secrets exfiltration vulnerability in a Gradio repository’s CI/CD workflow, enabling untrusted code from forks to access secrets. This is a software supply chain issue within AI deployment tooling (Gradio is widely used in ML apps), affecting components used to build/deploy AI systems. It involves a security vulnerability (secret leakage) in a software supply chain context (CI/CD workflow). Sufficient evidence is provided in the report (CVE entry and description).

References

• NVD entry
• https://huntr.com/bounties/59873fbd-5698-4ec3-87f9-5d70c6055d01

Affected or Relevant Artifacts

• Developer: gradio-app
• Deployer: gradio-app
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

CVSS

CWE

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2024-06-04
• Version: 0.3.3
• AVID Entry