CVE-2023-40170
Improper Cross-Site Credential Checks vulnerability in jupyter-server (PyPI)
What is CVE-2023-40170 About?
This vulnerability in Jupyter Server is due to improper cross-site credential checks on `/files/` URLs. This flaw can lead to the exposure of file contents or unauthorized file access when opening untrusted files. Exploitation is moderately complex, requiring specific conditions related to URL and file handling.
Affected Software
- jupyter-server
  - <2.7.2
  - <87a4927272819f0b1cae1afa4c8c86ee2da002fd
Technical Details
The vulnerability arises from an incomplete fix for CVE-2019-9644 in Jupyter Server versions prior to 2.7.2. Specifically, improper cross-site credential checks on /files/ URLs allow for the exposure of certain file contents or unauthorized access to files. When a user opens untrusted files, particularly via 'Open image in new tab', the server's handlers (ContentsManager.files_handler_class) might fail to adequately enforce credential or origin policies, thereby allowing a malicious site (or content within an untrusted file) to bypass security measures and access resources it should not be able to.
What is the Impact of CVE-2023-40170?
Successful exploitation may allow attackers to access and expose sensitive file contents, or gain unauthorized access to arbitrary files on the server.
What is the Exploitability of CVE-2023-40170?
Exploitation of this vulnerability is moderately complex, requiring knowledge of how Jupyter Server handles /files/ URLs and cross-site requests. Prerequisites include a user being tricked into opening an untrusted file or accessing a malicious URL. This is likely a remote attack vector, possibly involving social engineering or cross-site attack techniques. Authentication to the Jupyter Server would likely be required for the target user, but the exploit leverages improper checks after authentication. There are no specific privilege requirements beyond having access to interact with the Jupyter Server. Special conditions include the use of certain file opening mechanisms (e.g., 'Open image in new tab') that might bypass intended security controls. Risk factors include environments where users frequently interact with untrusted files or links.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2023-40170?
Available Upgrade Options
- jupyter-server
  - <87a4927272819f0b1cae1afa4c8c86ee2da002fd → Upgrade to 87a4927272819f0b1cae1afa4c8c86ee2da002fd
  - <2.7.2 → Upgrade to 2.7.2
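To find pins that still fall in the affected range, the following added example (not code from the jupyter-server project or from this advisory) scans requirements-style lines and classifies each jupyter-server entry against the 2.7.2 fix. The function names and the sample input are constructed for illustration; installs pinned to a commit hash or a version range are reported as `unpinned` because the resolved version cannot be read from the line.

```python
import re

FIXED = (2, 7, 2)  # first fixed release named in the advisory
TARGET = "jupyter-server"
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
_VER = re.compile(r"^(\d+(?:\.\d+)*)(.*)$")
_PRE = re.compile(r"^[-_.]?(a|b|c|rc|alpha|beta|pre|preview|dev)", re.I)

def normalize(name):
    """PEP 503: jupyter_server, Jupyter.Server and jupyter-server are one name."""
    return re.sub(r"[-_.]+", "-", name).lower()

def is_affected(version):
    """True if version sorts before 2.7.2; pre-releases of 2.7.2 count as before."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    while release and release[-1] == 0:  # 2.7.0 and 2.7 compare equal
        release = release[:-1]
    return release < FIXED or (release == FIXED and bool(_PRE.match(m.group(2))))

def audit(lines):
    """Return (line number, version text, status) for every jupyter-server entry."""
    findings = []
    for lineno, raw in enumerate(lines, 1):
        # drop comments and environment markers before parsing
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        m = _REQ.match(line)
        if not m or normalize(m.group(1)) != TARGET:
            continue
        spec = m.group(2).strip()
        if spec.startswith("==") and "*" not in spec:
            version = spec.lstrip("=").strip()
            status = "affected" if is_affected(version) else "fixed"
        else:  # ranges, wildcards, URLs: resolved version is unknown
            version, status = spec or None, "unpinned"
        findings.append((lineno, version, status))
    return findings

# Constructed sample input, not taken from a real project.
SAMPLE = """# constructed sample
notebook==7.0.2
jupyter_server==2.7.1
Jupyter.Server == 2.7.2rc1  # pre-release of the fix
jupyter-server[test]==2.7.2 ; python_version >= "3.8"
jupyter-server>=2.0
jupyter-server-terminals==0.4.4""".splitlines()

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Entries reported as `unpinned` need a check of the resolved environment, for example the output of `pip freeze` passed to `audit`.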
Additional Resources
- https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-64x5-55rw-9974
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ/
- https://github.com/jupyter-server/jupyter_server/commit/87a4927272819f0b1cae1afa4c8c86ee2da002fd
- https://osv.dev/vulnerability/GHSA-64x5-55rw-9974
- https://nvd.nist.gov/vuln/detail/CVE-2023-40170
- https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2023-157.yaml
- https://osv.dev/vulnerability/PYSEC-2023-157
What are Similar Vulnerabilities to CVE-2023-40170?
Similar Vulnerabilities: CVE-2020-15174, CVE-2021-32688, CVE-2022-24765, CVE-2022-31034, CVE-2023-27352
