jupyter-server-proxy
Fixed in
4.0.1
3.2.4
4.1.1
3.2.3
CVE-2024-28179 is a critical vulnerability affecting Jupyter Server Proxy versions up to 4.1.0. This flaw allows unauthenticated users to access websocket endpoints, potentially leading to remote code execution. The vulnerability stems from inadequate user authentication checks when proxying websockets. A fix is available in version 3.2.3.
The impact of CVE-2024-28179 is severe. An attacker can exploit this vulnerability to gain unauthenticated access to websocket endpoints managed by Jupyter Server Proxy. This access can be leveraged to execute arbitrary code on the server, potentially compromising the entire Jupyter notebook environment. The attacker could steal sensitive data, modify notebooks, install malware, or even gain persistent access to the system. The blast radius extends to any user or system interacting with the vulnerable Jupyter Server Proxy instance, particularly those relying on websocket communication for data exchange or real-time interactions.
CVE-2024-28179 was publicly disclosed on March 20, 2024. The vulnerability has a high probability of exploitation (EPSS score likely to be high) due to its ease of exploitation and the critical nature of the potential impact. Public proof-of-concept exploits are likely to emerge quickly. This vulnerability is not currently listed on the CISA KEV catalog, but its severity warrants close monitoring.
Organizations and individuals using Jupyter notebooks in production environments, particularly those relying on Jupyter Server Proxy for websocket communication, are at significant risk. Shared hosting environments where Jupyter notebooks are deployed could be particularly vulnerable, as attackers might exploit the vulnerability to compromise multiple users.
• python / jupyter:
from importlib.metadata import version
from packaging.version import Version

# Query the installed jupyter-server-proxy package itself: `jupyter server --version`
# reports jupyter_server, not the proxy, and comparing version strings lexically is unreliable.
installed = Version(version('jupyter-server-proxy'))
if installed < Version('3.2.3') or Version('4.0.0') <= installed < Version('4.1.1'):
    print("Vulnerable version detected!")

• linux / server:
# The [j] pattern keeps grep from matching its own command line.
if ps aux | grep '[j]upyter-server-proxy' | grep -q 'websocket'; then
    echo "Jupyter Server Proxy with websocket enabled detected - investigate further!"
fi

• generic web:
# Fetch the routes listing (a HEAD request would never return the body being searched).
if curl -s http://<jupyter_server_proxy_url>/api/routes | grep -q 'websocket'; then
    echo "Websocket endpoint detected - potential vulnerability!"
fi

Disclosure
Exploit status
EPSS
0.35% (58th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-28179 is to upgrade Jupyter Server Proxy to version 3.2.3 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting network access to the Jupyter Server Proxy endpoint using a firewall or intrusion prevention system. Review and strengthen authentication mechanisms for websocket endpoints. Monitor Jupyter Server Proxy logs for suspicious activity, particularly unauthorized access attempts. After upgrading, confirm the fix by attempting to access a websocket endpoint without authentication and verifying that access is denied.
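An added check, not part of the advisory or of the jupyter-server-proxy project, that carries out the post-upgrade verification described above: it sends a bare WebSocket upgrade request to a proxied endpoint with no token or cookie and reports whether the server refuses it. The TARGET URL and its path are placeholders for your own server; the jupyter_server token is deliberately omitted, and the status-code mapping in verdict() is an assumption about how an authenticated handler responds.

```python
import base64
import os
import http.client
from urllib.parse import urlparse

# Constructed placeholder: point this at a proxied websocket endpoint on your own server.
TARGET = "http://localhost:8888/proxy/PORT/ws"  # placeholder, not from the advisory


def ws_handshake_status(url: str, timeout: float = 5.0) -> int:
    """Send a WebSocket upgrade with no token or cookie and return the HTTP status."""
    u = urlparse(url)
    secure = u.scheme in ("https", "wss")
    conn_cls = http.client.HTTPSConnection if secure else http.client.HTTPConnection
    conn = conn_cls(u.hostname, u.port or (443 if secure else 80), timeout=timeout)
    target = (u.path or "/") + (f"?{u.query}" if u.query else "")
    headers = {
        "Upgrade": "websocket",
        "Connection": "Upgrade",
        "Sec-WebSocket-Key": base64.b64encode(os.urandom(16)).decode(),
        "Sec-WebSocket-Version": "13",
    }
    try:
        conn.request("GET", target, headers=headers)
        return conn.getresponse().status
    finally:
        conn.close()


def verdict(status: int) -> str:
    """Map the handshake result to a pass/fail judgement on the fix (assumed mapping)."""
    if status == 101:
        return "FAIL: unauthenticated websocket upgrade accepted; proxy still vulnerable"
    if status in (401, 403):
        return "PASS: unauthenticated upgrade rejected"
    if status in (302, 303):
        return "PASS: redirected to login instead of upgrading"
    return f"INCONCLUSIVE: unexpected status {status}; check the endpoint path"


if __name__ == "__main__":
    print(verdict(ws_handshake_status(TARGET)))
```

Run it against the same endpoint before and after the upgrade; only a 101 response means the websocket was proxied without authentication.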
Update Jupyter Server Proxy to version 3.2.3 or later, or to version 4.1.1 or later. This fixes the authentication weakness in the WebSocket proxy. Run `pip install --upgrade jupyter-server-proxy` to update.
CVE-2024-28179 is a critical vulnerability in Jupyter Server Proxy versions up to 4.1.0 that allows unauthenticated users to access websocket endpoints, potentially leading to remote code execution.
You are affected if you are using Jupyter Server Proxy versions 4.1.0 or earlier. Check your version immediately.
Upgrade Jupyter Server Proxy to version 3.2.3 or later to resolve the vulnerability. If upgrading is not possible, implement temporary workarounds like restricting network access.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of exploitation. Monitor your systems closely.
Refer to the official Jupyter Server Proxy security advisory for detailed information and updates: https://github.com/jupyter/server-proxy/security/advisories/GHSA-xxxx-xxxx-xxxx