CVE-2024-47168

Name of the Vulnerable Software and Affected Versions Gradio versions prior to 4.44

Description This issue involves data exposure due to the enable monitoring flag not properly disabling monitoring when set to False. Even when monitoring is supposedly disabled, an attacker or unauthorized user can still access the monitoring dashboard by directly requesting the "/monitoring" endpoint. This means that sensitive application analytics may still be exposed, particularly in environments where monitoring is expected to be disabled. Users who set enable monitoring=False to prevent unauthorized access to monitoring data are impacted.

Recommendations To address this issue, upgrade to gradio>=4.44. As a temporary workaround, consider restricting access to the "/monitoring" endpoint until the issue is resolved. There are no known workarounds for this vulnerability.