#VU80088 Improper access control in Jupyter Server - CVE-2023-40170

Cybersecurity Help s.r.o.

Published: 2023-08-29

Vulnerability identifier: #VU80088

Vulnerability risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-40170

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Jupyter Server
Server applications / Other server solutions

Vendor: Jupyter

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper cross-site credential checks on "/files/" URLs. A remote attacker can gain access to certain file contents, or access files when opening untrusted files via "Open image in new tab".

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Jupyter Server: 2.7.0 - 2.7.1

External links
https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-64x5-55rw-9974
https://github.com/jupyter-server/jupyter_server/commit/87a4927272819f0b1cae1afa4c8c86ee2da002fd

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Anolis OS update for python-jupyter-server

Fedora 39 update for python-jupyter-server

Fedora 38 update for python-jupyter-server

Multiple vulnerabilities in Jupyter Server