CVSS3: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
AI Score confidence: High
EPSS percentile: 15.5%
There is a reflected cross-site scripting (XSS) issue in jupyter-server-proxy [1]. The `/proxy` endpoint accepts a host path segment in the format `/proxy/<host>`. When this endpoint is called with an invalid `host` value, jupyter-server-proxy replies with a response that includes the value of `host`, without sanitization [2]. A third-party actor can leverage this by sending a phishing link with an invalid `host` value containing custom JavaScript to a user. When the user clicks this phishing link, the browser renders the response of `GET /proxy/<host>`, which runs the custom JavaScript contained in the `host` set by the actor.

As any arbitrary JavaScript can be run after the user clicks on a phishing link, this issue permits extensive access to the user's JupyterLab instance for an actor. This issue exists in the latest release of jupyter-server-proxy, currently v4.1.2.

Impacted versions: >=3.0.0,<=4.1.2

The patches are included in ==4.2.0 and ==3.2.4.

Server operators who are unable to upgrade can disable the jupyter-server-proxy extension with:

```
jupyter server extension disable jupyter-server-proxy
```
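As an added example (not jupyter-server-proxy's own code), the reflected-host pattern the advisory describes, beside a hardened version: the host segment is checked against an allowlist pattern, and the rejection message is HTML-escaped and served as text/plain so the browser neither parses it as HTML nor executes anything embedded in it. The simulated handler, the hostname regex and the 403 status are assumptions.

```python
import html
import re

# Added illustrative example, not jupyter-server-proxy's own handler code.
# Assumption: the real handler (jupyter_server_proxy/handlers.py, see [2]) reflects the
# rejected host segment into an HTML error page; this models that pattern and its fix.

# Assumption: a proxied host is a sequence of DNS labels or an IPv4 literal; anything else is rejected.
HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def is_valid_host(host: str) -> bool:
    """Allowlist check on the /proxy/<host> path segment."""
    return HOST_RE.fullmatch(host) is not None


def error_body_vulnerable(host: str) -> str:
    """Vulnerable pattern: the raw path segment is interpolated into an HTML body."""
    return f"<html><body>Host {host} is not permitted</body></html>"


def error_body_fixed(host: str) -> str:
    """Fixed pattern: escape before interpolation so '<', '>' and quotes become entities."""
    return f"Host {html.escape(host, quote=True)} is not permitted"


def handle_proxy(host: str, hardened: bool = True) -> tuple[int, str, str]:
    """Simulated handler returning (status, content_type, body).

    hardened=False reproduces the reflected response; hardened=True serves the escaped
    message as text/plain, which is inert even if a browser renders it.
    """
    if is_valid_host(host):
        return 200, "text/plain", f"would proxy to {host}"
    if hardened:
        return 403, "text/plain; charset=utf-8", error_body_fixed(host)
    return 403, "text/html", error_body_vulnerable(host)


if __name__ == "__main__":
    # Constructed sample: a path segment carrying markup instead of a hostname.
    probe = "<script>document.title</script>"
    for hardened in (False, True):
        status, ctype, body = handle_proxy(probe, hardened=hardened)
        print(f"hardened={hardened}: {status} {ctype} {body}")
```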
[1] : https://github.com/jupyterhub/jupyter-server-proxy/
[2] : https://github.com/jupyterhub/jupyter-server-proxy/blob/62a290f08750f7ae55a0c29ca339c9a39a7b2a7b/jupyter_server_proxy/handlers.py#L328
| Vendor | Product | Version | CPE |
|---|---|---|---|
| jupyter | jupyter_server_proxy | * | cpe:2.3:a:jupyter:jupyter_server_proxy:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-fvcq-4x64-hqxr
github.com/jupyterhub/jupyter-server-proxy/blob/62a290f08750f7ae55a0c29ca339c9a39a7b2a7b/jupyter_server_proxy/handlers.py#L328
github.com/jupyterhub/jupyter-server-proxy/commit/7abc9dc5bbb0b4b440548a5375261b8b8192fc22
github.com/jupyterhub/jupyter-server-proxy/commit/ff78128087e73fb9d0909e1366f8bf051e8ea878
github.com/jupyterhub/jupyter-server-proxy/security/advisories/GHSA-fvcq-4x64-hqxr
nvd.nist.gov/vuln/detail/CVE-2024-35225