jupyter-server-proxy
Fixed in
4.0.1
3.2.4
4.1.1
3.2.3
CVE-2024-28179 is a critical vulnerability in Jupyter Server Proxy, the Jupyter Server extension that exposes other web services (and their websocket traffic) behind the notebook server's own URL. Affected releases are the 3.x line before 3.2.3 and 4.0.0 through 4.1.0. Websocket requests to proxied endpoints were forwarded without checking that the requester was an authenticated Jupyter user, so anyone who can reach the server over the network can open a websocket to any proxied application. Where that application runs commands on the user's behalf (a terminal, an IDE, a kernel-backed tool), this amounts to unauthenticated remote code execution. Fixes are available in 3.2.3 for the 3.x line and 4.1.1 for the 4.x line.
The impact of CVE-2024-28179 is severe. An attacker with network reach to a vulnerable instance can open websocket connections to every service proxied by Jupyter Server Proxy without logging in, and through those services can execute arbitrary code on the server, read or modify notebooks and data, install malware, or establish persistent access. The blast radius extends to every user of the affected instance and to any system those users can reach from it, and is widest where the proxied services are the ones that carry real-time or interactive traffic over websockets.
CVE-2024-28179 was publicly disclosed on March 20, 2024. The EPSS score listed on this page is 0.35% (58th percentile), so the modelled probability of exploitation in the wild is low in absolute terms. The attack itself needs nothing more than network reach and a hand-crafted websocket handshake with no credentials, so an exposed instance should be treated as at risk regardless of the score. The vulnerability is not currently listed in the CISA KEV catalog, but its severity warrants close monitoring.
Organizations and individuals running Jupyter notebooks in production, particularly those that rely on Jupyter Server Proxy to expose other web services and their websocket traffic behind the notebook server, are at significant risk. Shared hosting environments where many users' notebook servers run on the same infrastructure are particularly exposed, since an attacker can use the same bypass against each vulnerable server to compromise multiple users.
• python / jupyter:
from importlib.metadata import version, PackageNotFoundError  # the extension's own version, not `jupyter server --version`
try:
    v = tuple(int(p) for p in version('jupyter-server-proxy').split('.')[:3])  # '4.1.0' -> (4, 1, 0); pre-release suffixes are not handled
except PackageNotFoundError:
    v = None  # extension not installed, so this CVE does not apply
# Affected: every 3.x before 3.2.3, and 4.0.0 up to 4.1.0; compare as tuples, never as strings
if v and (v < (3, 2, 3) or (4, 0, 0) <= v < (4, 1, 1)):
    print("Vulnerable jupyter-server-proxy version detected:", ".".join(map(str, v)))
• linux / server:
# A process listing cannot show which proxy version is loaded; ask the Python environment that runs Jupyter
v=$(pip show jupyter-server-proxy 2>/dev/null | awk '/^Version:/ {print $2}')
if [ -n "$v" ]; then
    echo "jupyter-server-proxy $v installed - vulnerable if older than 3.2.3 (3.x line) or 4.1.1 (4.x line)"
fi
• generic web:
# Request a websocket upgrade on a proxied route with no token or cookie; only the first status line matters,
# and --max-time stops curl waiting for a second response if the server does switch protocols
curl -si --max-time 5 -H 'Connection: Upgrade' -H 'Upgrade: websocket' \
     -H 'Sec-WebSocket-Version: 13' -H 'Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==' \
     http://<jupyter_server_proxy_url>/proxy/<port>/ | head -n 1 | grep -q ' 101 '
if [ $? -eq 0 ]; then
    echo "Unauthenticated websocket upgrade accepted - vulnerable!"
fi
disclosure
Exploit status
EPSS
0.35% (58th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-28179 is to upgrade Jupyter Server Proxy to 3.2.3 or later on the 3.x line, or 4.1.1 or later on the 4.x line. If upgrading is not immediately feasible, restrict network access to the Jupyter server (firewall, VPN, or an authenticating reverse proxy in front of it) so that unauthenticated clients cannot reach the proxied routes at all; authentication enforced only by Jupyter Server Proxy itself is exactly the check this bug bypasses, so it cannot be the sole control. Monitor the server logs for websocket requests to proxied paths that arrive without a token or session cookie. After upgrading, confirm the fix by attempting a websocket connection to a proxied endpoint with no credentials and verifying that the server refuses the upgrade.
Update Jupyter Server Proxy to version 3.2.3 or later, or to version 4.1.1 or later. This fixes the authentication flaw in the websocket proxy. Run `pip install --upgrade jupyter-server-proxy` to update.
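The verification step above (an anonymous websocket handshake against a proxied route) as a script, added here as an example and not taken from the jupyter-server-proxy project. It assumes the extension's default `/proxy/<port>/` route prefix and that `<port>` is a service you actually proxy; the in-process fake server is a constructed stand-in so the script runs offline, and the host name in the commented call is a placeholder.

```python
"""Anonymous websocket-upgrade probe for a Jupyter Server Proxy route (added example)."""
import base64
import http.client
import os
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def classify(status: int, location: str = "") -> str:
    """Map the first response status of an anonymous upgrade to a verdict."""
    if status == 101:
        return "vulnerable"      # upgrade accepted with no token or cookie: the CVE-2024-28179 behaviour
    if status in (401, 403):
        return "denied"          # an authentication check ran before the proxy forwarded anything
    if status in (301, 302, 303, 307, 308) and "/login" in location:
        return "denied"          # bounced to Jupyter's or JupyterHub's login page
    return f"other:{status}"     # e.g. 404 when nothing is listening behind that route


def probe_ws_auth(host: str, port: int, path: str, timeout: float = 5.0) -> str:
    """Send an RFC 6455 handshake with no credentials and classify the reply."""
    headers = {
        "Connection": "Upgrade",
        "Upgrade": "websocket",
        "Sec-WebSocket-Version": "13",
        # fresh nonce per handshake; deliberately no Authorization or Cookie header
        "Sec-WebSocket-Key": base64.b64encode(os.urandom(16)).decode(),
    }
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()        # only the status line and headers are needed
        return classify(resp.status, resp.getheader("Location", ""))
    finally:
        conn.close()


class _FakeProxy(BaseHTTPRequestHandler):
    """Constructed stand-in so the demo runs offline: /vuln/ answers like an
    unpatched proxy, /fixed/ like a patched one, anything else like an empty route."""

    def do_GET(self):
        if self.path.startswith("/vuln/"):
            self.send_response(101)
            self.send_header("Upgrade", "websocket")
            self.send_header("Connection", "Upgrade")
        elif self.path.startswith("/fixed/"):
            self.send_response(403)
        else:
            self.send_response(404)
        self.end_headers()

    def log_message(self, *args):
        pass                             # keep the demo output to the verdicts


def run_demo() -> dict:
    """Probe the fake proxy on a loopback port and return the three verdicts."""
    srv = HTTPServer(("127.0.0.1", 0), _FakeProxy)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    host, port = srv.server_address
    try:
        return {
            "unpatched": probe_ws_auth(host, port, "/vuln/proxy/8888/"),
            "patched": probe_ws_auth(host, port, "/fixed/proxy/8888/"),
            "no_route": probe_ws_auth(host, port, "/proxy/9999/"),
        }
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(run_demo())
    # Against a real instance (placeholder host, your own proxied port):
    # print(probe_ws_auth("jupyter.example.internal", 8888, "/proxy/8080/"))
```

Only a 101 is conclusive. An unpatched proxy forwards the anonymous request to the backend, which may itself answer 404 or 400 if it does not speak websockets on that path, so probe a route on which an authenticated websocket connection is known to succeed. The three verdicts printed by `run_demo()` come from the fake server, not from a real installation.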
CVE-2024-28179 is a critical vulnerability in Jupyter Server Proxy (3.x before 3.2.3, and 4.0.0 through 4.1.0) that lets unauthenticated clients reach websocket endpoints behind the proxy, potentially leading to remote code execution.
You are affected if you run Jupyter Server Proxy 4.0.0 through 4.1.0, or any 3.x release before 3.2.3. Check your installed version immediately.
Upgrade Jupyter Server Proxy to 3.2.3 or later (3.x line) or 4.1.1 or later (4.x line) to resolve the vulnerability. If upgrading is not possible, restrict network access to the server as a temporary workaround.
No active exploitation has been confirmed and the EPSS score is low (0.35%), but the bypass is simple to perform against any reachable instance, so monitor exposed systems closely.
Refer to the official Jupyter Server Proxy security advisory for detailed information and updates: https://github.com/jupyter/server-proxy/security/advisories/GHSA-xxxx-xxxx-xxxx