BIT-jupyter-base-notebook-2024-43805
Cross-Site Scripting (XSS) vulnerability in jupyterlab (PyPI)
What is BIT-jupyter-base-notebook-2024-43805 About?
This cross-site scripting (XSS) flaw in JupyterLab and Jupyter Notebook lets an attacker run script in a victim's browser, read any data the victim can reach and issue requests to the Jupyter server as the victim. Exploitation needs user interaction: the victim must open a crafted notebook, or open a crafted Markdown file with the preview feature. The severity is rated high because a single opened file hands the attacker the victim's full Jupyter session privileges.
Affected Software
- jupyterlab
  - <3.6.8
  - >=4.0.0, <4.2.5
- notebook
  - >=7.0.0, <7.2.2
Technical Details
The flaw is a client-side XSS reached through DOM clobbering. It affects JupyterLab before 3.6.8 and, in the 4.x series, before 4.2.5, and Jupyter Notebook 7 before 7.2.2. Markdown rendered by JupyterLab may carry raw HTML, and browsers expose any element with an `id` attribute (and `<form>`, `<img>`, `<embed>`, `<object>` and `<iframe>` elements with a `name` attribute) as named properties on `window`, some of them on `document` as well. DOM clobbering abuses that: a crafted element shadows a global that the application's own scripts read, typically one they fall back on when it is undefined, so that the script picks up attacker-controlled markup in its place. An attacker therefore crafts a notebook whose Markdown cells, or a Markdown file opened through the preview feature, contain such elements. When the victim opens the file, the clobbered value steers the affected JupyterLab code into executing attacker-chosen script in the origin of the Jupyter front end. That script runs with the victim's session: it can read any data the user can reach and issue requests to the Jupyter server as that user.
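The primitive the attack needs is raw HTML inside a Markdown cell carrying `id` or `name` attributes. The scanner below is an added example, not code from the advisory or from the JupyterLab project: it walks the Markdown cells of an `.ipynb` document with the standard-library `HTMLParser` and reports every element that can create a named property on `window`. The sample notebook embedded in it is constructed for illustration. The scanner flags the clobbering primitive, not the specific JupyterLab sink, so it is a triage aid for untrusted notebooks rather than a proof that a given file is exploitable.

```python
import json
from html.parser import HTMLParser

# Elements whose `name` attribute becomes a named property on `window`
# (an `id` attribute does so for any element). A DOM clobbering payload has
# to carry one of these attributes, so that is what the scanner looks for.
NAME_CLOBBERS = {"form", "img", "embed", "object", "iframe"}


class ClobberFinder(HTMLParser):
    """Collect (tag, attribute, value) for every clobbering-capable element."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if attrs.get("id"):
            self.hits.append((tag, "id", attrs["id"]))
        if tag in NAME_CLOBBERS and attrs.get("name"):
            self.hits.append((tag, "name", attrs["name"]))


def scan_markdown(source):
    """Return clobbering-capable elements found in one Markdown cell.

    Plain Markdown syntax cannot express `id` or `name`, so anything found
    here came from raw HTML embedded in the cell, which is exactly where a
    DOM clobbering payload would live.
    """
    finder = ClobberFinder()
    finder.feed(source)
    finder.close()
    return finder.hits


def scan_notebook(nb):
    """Scan the Markdown cells of a parsed .ipynb (nbformat 4) document."""
    findings = []
    for idx, cell in enumerate(nb.get("cells", [])):
        if cell.get("cell_type") != "markdown":
            continue
        source = cell.get("source", "")
        if isinstance(source, list):  # nbformat stores source as a list of lines
            source = "".join(source)
        for tag, attr, value in scan_markdown(source):
            findings.append({"cell": idx, "tag": tag, "attr": attr, "value": value})
    return findings


def scan_notebook_file(path):
    with open(path, encoding="utf-8") as fh:
        return scan_notebook(json.load(fh))


# Constructed sample (not taken from any real notebook): a benign Markdown
# cell, a Markdown cell with the raw HTML a clobbering payload needs, and a
# code cell, which the scanner ignores because it is not rendered as Markdown.
SAMPLE_NOTEBOOK = {
    "nbformat": 4, "nbformat_minor": 5, "metadata": {},
    "cells": [
        {"cell_type": "markdown", "metadata": {},
         "source": ["# Report\n", "Plain *Markdown* with a [link](https://example.com).\n"]},
        {"cell_type": "markdown", "metadata": {},
         "source": ['<form name="config"><input id="src" value="https://attacker.example/x.js"></form>\n',
                    '<img name="settings" src="x">\n']},
        {"cell_type": "code", "metadata": {}, "outputs": [], "execution_count": None,
         "source": ["print('<img name=\"not_rendered\">')"]},
    ],
}

if __name__ == "__main__":
    import sys
    findings = scan_notebook_file(sys.argv[1]) if len(sys.argv) > 1 else scan_notebook(SAMPLE_NOTEBOOK)
    for f in findings:
        print(f"cell {f['cell']}: <{f['tag']} {f['attr']}=\"{f['value']}\">")
```

Run it as `python scan.py untrusted.ipynb` to list the offending elements by cell index; with no argument it scans the embedded sample. Rendered `text/html` outputs of code cells are a second source of attacker-controlled HTML in a notebook file, which this scanner deliberately leaves out because the advisory scopes the issue to Markdown cells and Markdown previews.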
What is the Impact of BIT-jupyter-base-notebook-2024-43805?
Successful exploitation lets the attacker read any data the attacked user has access to and issue arbitrary requests to the Jupyter server as that user. Because the server API gives a logged-in user file access and kernel execution, such requests can read, modify or exfiltrate files and run code through the user's kernels; the impact is therefore unauthorized data access and modification, not only disclosure.
What is the Exploitability of BIT-jupyter-base-notebook-2024-43805?
Exploitation is of medium complexity and requires user interaction: the attacker must get the victim to open a crafted notebook or Markdown file inside JupyterLab or Jupyter Notebook, typically by phishing or by placing the file somewhere the victim will open it, such as a shared repository or a dataset bundle. The attacker needs no access to the target deployment to prepare the file; the victim, however, must be logged in, since the injected script acts with the victim's session. The effect is confined to the victim's browser session and the Jupyter server it is logged into. Risk rises where users routinely open notebooks from untrusted sources or where awareness of this class of file-borne attack is low. Disabling the affected plugins reduces exposure on deployments that cannot upgrade promptly, but the underlying DOM clobbering susceptibility remains until the patched versions are installed.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for BIT-jupyter-base-notebook-2024-43805?
Available Upgrade Options
- notebook
  - >=7.0.0, <7.2.2 → Upgrade to 7.2.2
- jupyterlab
  - <3.6.8 → Upgrade to 3.6.8
  - >=4.0.0, <4.2.5 → Upgrade to 4.2.5
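To check an installed environment against these ranges, here is an added Python script, not from the advisory or the Jupyter project. It reads installed versions with `importlib.metadata` and compares them with a simplified PEP 440 ordering written for this page (pre-releases such as `4.2.5rc1` sort below `4.2.5`, post-releases sort with the final release); where `packaging` is available, `packaging.version.Version` is the better comparator.

```python
import re
from importlib import metadata

# Affected ranges from the advisory as (lower bound inclusive or None,
# upper bound exclusive). The upper bound is also the first fixed release.
AFFECTED = {
    "jupyterlab": [(None, "3.6.8"), ("4.0.0", "4.2.5")],
    "notebook": [("7.0.0", "7.2.2")],
}

_VERSION_RE = re.compile(r"v?(\d+(?:\.\d+)*)(.*)$")


def parse_version(text):
    """Simplified PEP 440 ordering (assumption: sufficient for these ranges).

    Returns (numeric components padded to at least three, final_flag). Any
    suffix other than a post-release, e.g. "rc1", "a0" or ".dev3", marks a
    pre-release, which sorts before the final release of the same number.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * max(0, 3 - len(nums))
    suffix = m.group(2)
    final = 1 if (not suffix or suffix.startswith(".post")) else 0
    return nums, final


def fix_for(package, version):
    """First fixed release for an installed version, or None if not affected."""
    key = parse_version(version)
    for low, high in AFFECTED.get(package, []):
        above_low = low is None or key >= parse_version(low)
        if above_low and key < parse_version(high):
            return high
    return None


def is_affected(package, version):
    return fix_for(package, version) is not None


def check_environment(packages=AFFECTED):
    """Map package -> (installed version, fix version or None); None if absent."""
    report = {}
    for pkg in packages:
        try:
            installed = metadata.version(pkg)
        except metadata.PackageNotFoundError:
            report[pkg] = None
            continue
        report[pkg] = (installed, fix_for(pkg, installed))
    return report


if __name__ == "__main__":
    for pkg, status in check_environment().items():
        if status is None:
            print(f"{pkg}: not installed")
        else:
            installed, fixed = status
            verdict = f"AFFECTED, upgrade to {fixed}" if fixed else "not affected"
            print(f"{pkg} {installed}: {verdict}")
```

Run it inside the virtual environment or container that serves JupyterLab, since `importlib.metadata` only sees the interpreter it runs under; a JupyterHub deployment needs the check in each user image.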
Additional Resources
- https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-9q39-rmj3-p4r2
- https://github.com/jupyterlab/jupyterlab/commit/06ad9de836f155add7d3d651ef936cc4c5ea8093
- https://nvd.nist.gov/vuln/detail/CVE-2024-43805
- https://github.com/jupyterlab/jupyterlab/commit/88e24baac551196f9cb3de16bd060a7ab1597674
- https://osv.dev/vulnerability/GHSA-9q39-rmj3-p4r2
- https://github.com/jupyterlab/jupyterlab
What are Similar Vulnerabilities to BIT-jupyter-base-notebook-2024-43805?
Similar Vulnerabilities: CVE-2023-49080, CVE-2023-49081, CVE-2023-49082, CVE-2022-29215, CVE-2022-29216
