Modelscope Agentscope CORS Vulnerability in v0.0.4 Allowing Unauthorized API Access

Vulnerability

A Cross-Origin Resource Sharing (CORS) vulnerability has been identified in Modelscope Agentscope version v0.0.4. The CORS configuration on the Agentscope server fails to adequately restrict access to trusted origins, permitting any external domain to send requests to the API. This oversight could result in unauthorized data access, information disclosure, and potential further exploitation, thereby compromising the system's integrity and confidentiality.

Impact

Exploitation of this vulnerability could lead to unauthorized access to data, information disclosure, and potential further exploitation of the system, compromising its integrity and confidentiality.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Modelscope Agentscope CORS Vulnerability in v0.0.4 Allowing Unauthorized API Access

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating