SB2022083035 - Ubuntu update for jupyter-notebook

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022083035

SB2022083035 - Ubuntu update for jupyter-notebook

Published: August 30, 2022

Security Bulletin ID SB2022083035
Severity
Medium
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 25% Low 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.


1) Cross-site scripting (CVE-ID: CVE-2018-19351)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in notebook/nbconvert/handlers.py. A remote attacker can trick the victim to follow a specially specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


2) Security features bypass (CVE-ID: CVE-2018-21030)

The vulnerability allows a remote user to perform XSS attacks.

The vulnerability exists due to application does not use a CSP header to treat served files as belonging to a separate origin. A remote user can upload an SVG file with XSS payload and execute arbitrary JavaScript code in victim's browser.


3) Open redirect (CVE-ID: CVE-2019-10255)

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.


4) Open redirect (CVE-ID: CVE-2019-10856)

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Note, the vulnerability exists due to incomplete fix for #VU66862 (CVE-2019-10255).


5) Cross-site scripting (CVE-ID: CVE-2019-9644)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


6) Open redirect (CVE-ID: CVE-2020-26215)

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.


7) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2022-24758)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to software stores sensitive information into log files, such as authentication cookies and header values when a 5xx error is triggered. A local user can read the log files and gain access to sensitive data.


8) Direct Request ('Forced Browsing') (CVE-ID: CVE-2022-29238)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper access control. A remote user can send a specially crafted request with "ContentsManager.allow_hidden = False" and gain unauthorized access to sensitive information on the system.


Remediation

Install update from vendor's website.

References