cvelistv5 - CVE-2022-24757

▼	URL	Tags
	security-advisories@github.com	https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a	Patch, Third Party Advisory
	security-advisories@github.com	https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr	Third Party Advisory

▼	Vendor	Product
	jupyter-server	jupyter_server

ghsa-p737-p57g-4cpr

Vulnerability from github

Published

2022-03-25 19:20

Modified

2022-03-25 19:20

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Insertion of Sensitive Information into Log File in Jupyter notebook

Details

Impact

What kind of vulnerability is it?

Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server.

Patches

Has the problem been patched? What versions should users upgrade to?

Upgrade to Jupyter Server version 1.15.4

For more information

If you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list security@ipython.org.

Credit: @3coins for reporting. Thank you!

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "jupyter-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-24757"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-25T19:20:39Z",
    "nvd_published_at": "2022-03-23T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n_What kind of vulnerability is it?_\n\nAnytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server.\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\nUpgrade to Jupyter Server version 1.15.4\n\n### For more information\n\nIf you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list [security@ipython.org](mailto:security@ipython.org).\n\nCredit: @3coins for reporting. Thank you!\n\n",
  "id": "GHSA-p737-p57g-4cpr",
  "modified": "2022-03-25T19:20:39Z",
  "published": "2022-03-25T19:20:39Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24757"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jupyter-server/jupyter_server"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2022-179.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Insertion of Sensitive Information into Log File in Jupyter notebook"
}

gsd-2022-24757

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter Server version 1.15.4 contains a patch for this issue. There are currently no known workarounds.

Aliases

CVE-2022-24757

Aliases

CVE-2022-24757

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-24757",
    "description": "The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter Server version 1.15.4 contains a patch for this issue. There are currently no known workarounds.",
    "id": "GSD-2022-24757"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-24757"
      ],
      "details": "The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter Server version 1.15.4 contains a patch for this issue. There are currently no known workarounds.",
      "id": "GSD-2022-24757",
      "modified": "2023-12-13T01:19:43.159064Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-24757",
        "STATE": "PUBLIC",
        "TITLE": "Sensitive Auth \u0026 Cookie data stored in Jupyter server logs"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "jupyter_server",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 1.15.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "jupyter-server"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter Server version 1.15.4 contains a patch for this issue. There are currently no known workarounds."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-532: Insertion of Sensitive Information into Log File"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr",
            "refsource": "CONFIRM",
            "url": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr"
          },
          {
            "name": "https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a",
            "refsource": "MISC",
            "url": "https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-p737-p57g-4cpr",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c1.15.4",
          "affected_versions": "All versions before 1.15.4",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-532",
            "CWE-937"
          ],
          "date": "2022-04-04",
          "description": "The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter Server version 1.15.4 contains a patch for this issue. There are currently no known workarounds.",
          "fixed_versions": [
            "1.15.4"
          ],
          "identifier": "CVE-2022-24757",
          "identifiers": [
            "CVE-2022-24757",
            "GHSA-p737-p57g-4cpr"
          ],
          "not_impacted": "All versions starting from 1.15.4",
          "package_slug": "pypi/jupyter-server",
          "pubdate": "2022-03-23",
          "solution": "Upgrade to version 1.15.4 or above.",
          "title": "Insertion of Sensitive Information into Log File",
          "urls": [
            "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-24757",
            "https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a",
            "https://github.com/advisories/GHSA-p737-p57g-4cpr"
          ],
          "uuid": "300a8aec-aef6-4fb6-be69-6101bbe6ceff"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:jupyter:jupyter_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.15.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-24757"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter Server version 1.15.4 contains a patch for this issue. There are currently no known workarounds."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-532"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr"
            },
            {
              "name": "https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-04-04T20:46Z",
      "publishedDate": "2022-03-23T21:15Z"
    }
  }
}

pysec-2022-179

Vulnerability from pysec

Published

2022-03-23 21:15

Modified

2022-04-11 00:47

Details

The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter Server version 1.15.4 contains a patch for this issue. There are currently no known workarounds.

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "jupyter-server",
        "purl": "pkg:pypi/jupyter-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "a5683aca0b0e412672ac6218d09f74d44ca0de5a"
            }
          ],
          "repo": "https://github.com/jupyter-server/jupyter_server",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.0.0",
        "0.0.1",
        "0.0.2",
        "0.0.3",
        "0.0.4",
        "0.0.5",
        "0.1.0",
        "0.1.1",
        "0.2.0",
        "0.2.1",
        "0.3.0",
        "1.0.0",
        "1.0.0rc0",
        "1.0.0rc1",
        "1.0.0rc10",
        "1.0.0rc11",
        "1.0.0rc12",
        "1.0.0rc13",
        "1.0.0rc14",
        "1.0.0rc15",
        "1.0.0rc16",
        "1.0.0rc2",
        "1.0.0rc3",
        "1.0.0rc4",
        "1.0.0rc5",
        "1.0.0rc6",
        "1.0.0rc7",
        "1.0.0rc8",
        "1.0.0rc9",
        "1.0.1",
        "1.0.10",
        "1.0.11",
        "1.0.2",
        "1.0.3",
        "1.0.4",
        "1.0.5",
        "1.0.6",
        "1.0.7",
        "1.0.8",
        "1.0.9",
        "1.1.0",
        "1.1.1",
        "1.1.2",
        "1.1.3",
        "1.1.4",
        "1.10.0",
        "1.10.1",
        "1.10.2",
        "1.11.0",
        "1.11.1",
        "1.11.2",
        "1.12.0",
        "1.12.1",
        "1.13.0",
        "1.13.1",
        "1.13.2",
        "1.13.3",
        "1.13.4",
        "1.13.5",
        "1.15.0",
        "1.15.1",
        "1.15.2",
        "1.15.3",
        "1.2.0",
        "1.2.1",
        "1.2.2",
        "1.2.3",
        "1.3.0",
        "1.4.0",
        "1.4.1",
        "1.5.0",
        "1.5.1",
        "1.6.0",
        "1.6.1",
        "1.6.2",
        "1.6.3",
        "1.6.4",
        "1.7.0",
        "1.7.0a1",
        "1.7.0a2",
        "1.8.0",
        "1.9.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2022-24757",
    "GHSA-p737-p57g-4cpr"
  ],
  "details": "The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter Server version 1.15.4 contains a patch for this issue. There are currently no known workarounds.",
  "id": "PYSEC-2022-179",
  "modified": "2022-04-11T00:47:25.682046Z",
  "published": "2022-03-23T21:15:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr"
    },
    {
      "type": "FIX",
      "url": "https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a"
    }
  ]
}

CVE-2022-24757

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

CVE-2022-24757

Vulnerability from cvelistv5

ghsa-p737-p57g-4cpr

Vulnerability from github

Impact

Patches

For more information

gsd-2022-24757

Vulnerability from gsd

pysec-2022-179

Vulnerability from pysec

Tags

Sightings

Nomenclature