FreeBSD VuXML ID: 81326883-2905-11E5-A4A5-002590263BF5
Published: Jul 12, 2015

devel/ipython -- CSRF possible remote execution vulnerability

Date: 2015-07-12 00:00:00
Source: vuxml.freebsd.org

CVSS2: 6.8
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 8.8
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.002 (percentile 57.3%)

Kyle Kelley reports:

Summary: POST requests exposed via the IPython REST API are
vulnerable to cross-site request forgery (CSRF). Web pages on
different domains can make non-AJAX POST requests to known IPython
URLs, and IPython will honor them. The user’s browser will
automatically send IPython cookies along with the requests. The
response is blocked by the Same-Origin Policy, but the request
isn’t.

API paths with issues:

POST /api/contents/<path>/<file>
POST /api/contents/<path>/<file>/checkpoints
POST /api/contents/<path>/<file>/checkpoints/<checkpoint_id>
POST /api/kernels
POST /api/kernels/<kernel_id>/<action>
POST /api/sessions
POST /api/clusters/<cluster_id>/<action>
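The condition described in the report, modelled as an added example (this is not part of the advisory and not IPython's own handler code): a POST that is honoured on the strength of the login cookie alone, next to a hardened check that also requires a same-origin Origin/Referer and a double-submit XSRF token. The Request class, the cookie and header names, the server origin and the four sample requests are assumptions constructed for illustration.

```python
# Added example, not IPython code. Names, origin and sample requests are assumptions.
import hmac
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

SERVER_ORIGIN = "http://localhost:8888"     # assumed notebook server origin
SESSION_COOKIE = "username-localhost-8888"  # assumed login cookie name
XSRF_COOKIE = "_xsrf"                       # assumed anti-CSRF cookie name
XSRF_HEADER = "X-XSRFToken"                 # assumed header echoing the token


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request."""
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    body: bytes = b""

    def header(self, name):
        """Case-insensitive header lookup; None when absent."""
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return None


def vulnerable_authorize(req):
    """The pattern in the report: any POST carrying the login cookie is honoured.
    A cross-site HTML form POST carries that cookie automatically, so this
    cannot distinguish a forged request from a real one."""
    return req.method == "POST" and SESSION_COOKIE in req.cookies


def origin_allowed(req):
    """Scripts on another site cannot forge Origin; fall back to Referer and
    fail closed when neither header is present."""
    origin = req.header("Origin")
    if origin is None:
        referer = req.header("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == SERVER_ORIGIN


def token_valid(req):
    """Double-submit token: the cookie value must be echoed in a custom header
    (AJAX) or a form field (HTML form). Another origin can make the browser
    send the cookie but cannot read it, so it cannot echo it."""
    expected = req.cookies.get(XSRF_COOKIE)
    sent = req.header(XSRF_HEADER)
    if sent is None:
        form = parse_qs(req.body.decode("utf-8", "replace"))
        sent = form.get(XSRF_COOKIE, [None])[0]
    if not expected or not sent:
        return False
    return hmac.compare_digest(expected, sent)


def hardened_authorize(req):
    """Accept a state-changing request only with session, origin and token proof.
    Returns (allowed, reason) so the rejection cause can be logged."""
    if req.method != "POST":
        return False, "not a POST"
    if SESSION_COOKIE not in req.cookies:
        return False, "no session cookie"
    if not origin_allowed(req):
        return False, "cross-origin or missing Origin/Referer"
    if not token_valid(req):
        return False, "missing or mismatched XSRF token"
    return True, "ok"


# Constructed sample requests (assumptions, not captured traffic).
TOKEN = "3f9a1e7b2c4d5e6f"
LOGIN = {SESSION_COOKIE: "signed-session-value"}
# 1. Auto-submitted form on another site: browser adds cookies and Origin, no token.
FORGED = Request("POST", "/api/kernels",
                 headers={"Origin": "http://attacker.example",
                          "Content-Type": "application/x-www-form-urlencoded"},
                 cookies=dict(LOGIN))
# 2. Same attack with Origin and Referer suppressed (e.g. by referrer policy).
FORGED_NO_ORIGIN = Request("POST", "/api/sessions", cookies=dict(LOGIN))
# 3. Legitimate AJAX call from the notebook UI, token echoed in a header.
LEGIT_AJAX = Request("POST", "/api/kernels",
                     headers={"Origin": SERVER_ORIGIN, XSRF_HEADER: TOKEN},
                     cookies={**LOGIN, XSRF_COOKIE: TOKEN})
# 4. Legitimate HTML form from the notebook UI, token echoed as a form field.
LEGIT_FORM = Request("POST", "/api/sessions",
                     headers={"Referer": SERVER_ORIGIN + "/tree"},
                     cookies={**LOGIN, XSRF_COOKIE: TOKEN},
                     body=f"{XSRF_COOKIE}={TOKEN}&name=demo".encode())


def compare_all():
    """Run both authorizers over the samples: {name: (vulnerable, hardened)}."""
    samples = {"forged": FORGED, "forged_no_origin": FORGED_NO_ORIGIN,
               "legit_ajax": LEGIT_AJAX, "legit_form": LEGIT_FORM}
    return {name: (vulnerable_authorize(r), hardened_authorize(r)[0])
            for name, r in samples.items()}


if __name__ == "__main__":
    for name, (vuln, hard) in compare_all().items():
        print(f"{name:18s} vulnerable={vuln!s:5s} hardened={hard}")
```

The origin check alone is not sufficient (older browsers omit Origin on some requests, and Referer can be stripped), which is why the token check is kept as the second layer and the origin check fails closed. Tornado, which the notebook server is built on, ships an equivalent double-submit mechanism behind its `xsrf_cookies` setting; none of this replaces upgrading to 3.2.1.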

Affected packages (the two rows together give the affected range):

OS       Version  Architecture  Package  Version   Filename
FreeBSD  any      noarch        ipython  >= 0.12   UNKNOWN
FreeBSD  any      noarch        ipython  < 3.2.1   UNKNOWN
