JupyterLab vulnerable to potential authentication and CSRF tokens leak

2024-01-1920:28:10

Google

osv.dev

jupyterlab

authentication leak

csrf tokens

vulnerability

patch

jupyter-server

upgrade

intigriti

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.3%

JSON

Impact

Users of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server version.

Patches

JupyterLab 4.1.0b2, 4.0.11, and 3.6.7 were patched.

Workarounds

No workaround has been identified, however users should ensure to upgrade jupyter-server to version 2.7.2 or newer which includes a redirect vulnerability fix.

References

Vulnerability reported by user @davwwwx via the bug bounty program sponsored by the European Commission and hosted on the Intigriti platform.

CPENameOperatorVersion
jupyterlabeq0.27.0
jupyterlabeq4.0.2
jupyterlabeq0.27.0rc3
jupyterlabeq1.0.6
jupyterlabeq2.0.0rc0
jupyterlabeq3.6.0
jupyterlabeq1.2.14
jupyterlabeq3.0.0rc10
jupyterlabeq1.1.0a0
jupyterlabeq4.0.0

Name	Operator	Version
jupyterlab	eq	0.27.0
jupyterlab	eq	4.0.2
jupyterlab	eq	0.27.0rc3
jupyterlab	eq	1.0.6
jupyterlab	eq	2.0.0rc0
jupyterlab	eq	3.6.0
jupyterlab	eq	1.2.14
jupyterlab	eq	3.0.0rc10
jupyterlab	eq	1.1.0a0
jupyterlab	eq	4.0.0