CVE-2022-21699
Arbitrary Code Execution vulnerability in ipython (PyPI)
What is CVE-2022-21699 About?
This vulnerability in IPython allows for arbitrary code execution by not properly managing cross-user temporary files. This enables one user to execute code as another on the same machine, posing a significant security risk. Exploitation is relatively straightforward for an attacker with local access to the affected system.
Affected Software
- ipython
- <6.0.0rc1
- >6.0.0, <7.16.3
- >7.17.0, <7.31.1
- <5.11
- >8.0.0, <8.0.1
- <46a51ed69cdf41b4333943d9ceeb945c4ede5668
Technical Details
The arbitrary code execution vulnerability in IPython stems from improper management of temporary files generated across different user sessions. IPython fails to adequately isolate or secure these temporary files, allowing a malicious user to manipulate or replace temporary files owned by another user. When the legitimate user's IPython session attempts to access or execute its intended temporary files, it inadvertently processes the attacker's crafted files, leading to arbitrary code execution within the context and privileges of the legitimate user.
What is the Impact of CVE-2022-21699?
Successful exploitation may allow attackers to execute arbitrary code with the privileges of another user on the same system, leading to privilege escalation, unauthorized data access, or complete system compromise.
What is the Exploitability of CVE-2022-21699?
Exploitation requires local access to the machine where IPython is installed and used by multiple users. The complexity is low to medium, as it relies on manipulating common temporary file mechanisms. No prior authentication to the target user's session is needed, but the attacker must be an authenticated user on the same system. No specific elevated privileges are required initially, aside from standard user access. This is a local vulnerability, meaning the attacker must have a presence on the affected system. The primary conditions are shared machine usage of IPython by multiple users and the lack of proper temporary file isolation. The risk increases in multi-user environments where IPython is frequently used without proper system-level sandboxing or user separation.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | ||
What are the Available Fixes for CVE-2022-21699?
Available Upgrade Options
- ipython
- >8.0.0, <8.0.1 → Upgrade to 8.0.1
- ipython
- >7.17.0, <7.31.1 → Upgrade to 7.31.1
- ipython
- <5.11 → Upgrade to 5.11
- ipython
- <6.0.0rc1 → Upgrade to 6.0.0rc1
- ipython
- >6.0.0, <7.16.3 → Upgrade to 7.16.3
- ipython
- <46a51ed69cdf41b4333943d9ceeb945c4ede5668 → Upgrade to 46a51ed69cdf41b4333943d9ceeb945c4ede5668
Struggling with dependency upgrades?
See how Resolved Security's drop-in replacements make it simple.
Book a demoAdditional Resources
- https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
- https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB
- https://nvd.nist.gov/vuln/detail/CVE-2022-21699
- https://osv.dev/vulnerability/PYSEC-2022-12
- https://github.com/ipython/ipython
- https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668
- https://github.com/pypa/advisory-database/tree/main/vulns/ipython/PYSEC-2022-12.yaml
- https://osv.dev/vulnerability/GHSA-pq7m-3gw7-gq5x
What are Similar Vulnerabilities to CVE-2022-21699?
Similar Vulnerabilities: CVE-2022-25907 , CVE-2022-24754 , CVE-2022-2990 , CVE-2021-39293 , CVE-2021-39294
