cve-2024-43805
Vulnerability from cvelistv5
Published
2024-08-28 19:43
Modified
2024-08-28 19:58
Summary
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. JupyterLab v3.6.8, v4.2.5 and Jupyter Notebook v7.2.2 have been patched to resolve this issue. Users are advised to upgrade. There is no workaround for the underlying DOM Clobbering susceptibility. However, select plugins can be disabled on deployments which cannot update in a timely fashion to minimise the risk. These are: 1. `@jupyterlab/mathjax-extension:plugin` - users will loose ability to preview mathematical equations. 2. `@jupyterlab/markdownviewer-extension:plugin` - users will loose ability to open Markdown previews. 3. `@jupyterlab/mathjax2-extension:plugin` (if installed with optional `jupyterlab-mathjax2` package) - an older version of the mathjax plugin for JupyterLab 4.x. To disable these extensions run: ```jupyter labextension disable @jupyterlab/markdownviewer-extension:plugin && jupyter labextension disable @jupyterlab/mathjax-extension:plugin && jupyter labextension disable @jupyterlab/mathjax2-extension:plugin ``` in bash.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43805",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T19:58:47.317810Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T19:58:57.799Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jupyterlab",
          "vendor": "jupyterlab",
          "versions": [
            {
              "status": "affected",
              "version": "notebook:  \u003e= 7.0.0, \u003c= 7.2.2"
            },
            {
              "status": "affected",
              "version": "jupyterlab: \u003e= 4.0.0, \u003c 4.2.5"
            },
            {
              "status": "affected",
              "version": "jupyterlab: \u003c 3.6.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. JupyterLab v3.6.8, v4.2.5 and Jupyter Notebook v7.2.2 have been patched to resolve this issue. Users are advised to upgrade. There is no workaround for the underlying DOM Clobbering susceptibility. However, select plugins can be disabled on deployments which cannot update in a timely fashion to minimise the risk. These are: 1. `@jupyterlab/mathjax-extension:plugin` - users will loose ability to preview mathematical equations. 2. `@jupyterlab/markdownviewer-extension:plugin` - users will loose ability to open Markdown previews. 3. `@jupyterlab/mathjax2-extension:plugin` (if installed with optional `jupyterlab-mathjax2` package) - an older version of the mathjax plugin for JupyterLab 4.x. To disable these extensions run: ```jupyter labextension disable @jupyterlab/markdownviewer-extension:plugin \u0026\u0026 jupyter labextension disable @jupyterlab/mathjax-extension:plugin \u0026\u0026 jupyter labextension disable @jupyterlab/mathjax2-extension:plugin ``` in bash."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-28T19:43:20.007Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-9q39-rmj3-p4r2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-9q39-rmj3-p4r2"
        }
      ],
      "source": {
        "advisory": "GHSA-9q39-rmj3-p4r2",
        "discovery": "UNKNOWN"
      },
      "title": "HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-43805",
    "datePublished": "2024-08-28T19:43:20.007Z",
    "dateReserved": "2024-08-16T14:20:37.326Z",
    "dateUpdated": "2024-08-28T19:58:57.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-43805\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-08-28T20:15:07.963\",\"lastModified\":\"2024-08-30T15:56:16.477\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. JupyterLab v3.6.8, v4.2.5 and Jupyter Notebook v7.2.2 have been patched to resolve this issue. Users are advised to upgrade. There is no workaround for the underlying DOM Clobbering susceptibility. However, select plugins can be disabled on deployments which cannot update in a timely fashion to minimise the risk. These are: 1. `@jupyterlab/mathjax-extension:plugin` - users will loose ability to preview mathematical equations. 2. `@jupyterlab/markdownviewer-extension:plugin` - users will loose ability to open Markdown previews. 3. `@jupyterlab/mathjax2-extension:plugin` (if installed with optional `jupyterlab-mathjax2` package) - an older version of the mathjax plugin for JupyterLab 4.x. To disable these extensions run: ```jupyter labextension disable @jupyterlab/markdownviewer-extension:plugin \u0026\u0026 jupyter labextension disable @jupyterlab/mathjax-extension:plugin \u0026\u0026 jupyter labextension disable @jupyterlab/mathjax2-extension:plugin ``` in bash.\"},{\"lang\":\"es\",\"value\":\"jupyterlab es un entorno extensible para computaci\u00f3n interactiva y reproducible, basado en la arquitectura Jupyter Notebook. Esta vulnerabilidad depende de la interacci\u00f3n del usuario al abrir un notebook malicioso con celdas Markdown o un archivo Markdown utilizando la funci\u00f3n de vista previa de JupyterLab. Un usuario malicioso puede acceder a cualquier dato al que tenga acceso el usuario atacado, as\u00ed como realizar solicitudes arbitrarias actuando como el usuario atacado. JupyterLab v3.6.8, v4.2.5 y Jupyter Notebook v7.2.2 han sido parcheados para resolver este problema. Se recomienda a los usuarios que actualicen. No existe un workaround para la susceptibilidad subyacente de DOM Clobbering. Sin embargo, se pueden deshabilitar complementos seleccionados en implementaciones que no se pueden actualizar de manera oportuna para minimizar el riesgo. Estos son: 1. `@jupyterlab/mathjax-extension:plugin`: los usuarios perder\u00e1n la capacidad de obtener una vista previa de ecuaciones matem\u00e1ticas. 2. `@jupyterlab/markdownviewer-extension:plugin`: los usuarios perder\u00e1n la capacidad de abrir vistas previas de Markdown. 3. `@jupyterlab/mathjax2-extension:plugin` (si se instala con el paquete opcional `jupyterlab-mathjax2`): una versi\u00f3n anterior del complemento mathjax para JupyterLab 4.x. Para deshabilitar estas extensiones, ejecute: ```jupyter labextension deshabilitar @jupyterlab/markdownviewer-extension:plugin \u0026amp;\u0026amp; jupyter labextension deshabilitar @jupyterlab/mathjax-extension:plugin \u0026amp;\u0026amp; jupyter labextension deshabilitar @jupyterlab/mathjax2-extension:plugin ``` en bash.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L\",\"baseScore\":7.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.6.8\",\"matchCriteriaId\":\"337133F2-7029-423A-A338-3C776D6C591F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"4.2.5\",\"matchCriteriaId\":\"57D35DC3-6F2E-43D7-B761-6580FF1A91B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jupyter:notebook:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.2.2\",\"matchCriteriaId\":\"19F56C5F-64AF-4D64-8E01-DB00496E9555\"}]}]}],\"references\":[{\"url\":\"https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-9q39-rmj3-p4r2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.