Lucene search

UbuntuUSN-5953-1

HistoryMar 15, 2023 - 12:00 a.m.

IPython vulnerabilities

2023-03-1500:00:00

ubuntu.com

ipython

ubuntu

vulnerability

csrf

rest api

cross-user

code execution

14.04 esm

18.04 esm

20.04 esm

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

57.3%

JSON

Releases

Ubuntu 20.04 LTS
Ubuntu 18.04 ESM
Ubuntu 14.04 ESM

Packages

ipython - Enhanced interactive Python 2 shell

Details

It was discovered that IPython incorrectly processed REST API POST requests.
An attacker could possibly use this issue to launch a cross-site request
forgery (CSRF) attack and leak user’s sensitive information. This issue
only affected Ubuntu 14.04 ESM. (CVE-2015-5607)

It was discovered that IPython did not properly manage cross user temporary
files. A local attacker could possibly use this issue to execute arbitrary
code. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM.
(CVE-2022-21699)

OSVersionArchitecturePackageVersionFilename
Ubuntu20.04noarchpython3-ipython< 7.13.0-1ubuntu0.1~esm1UNKNOWN
Ubuntu20.04noarchipython3< 7.13.0-1UNKNOWN
Ubuntu20.04noarchpython-ipython-doc< 7.13.0-1UNKNOWN
Ubuntu20.04noarchpython3-ipython< 7.13.0-1UNKNOWN
Ubuntu20.04noarchipython3< 7.13.0-1ubuntu0.1~esm1UNKNOWN
Ubuntu18.04noarchipython< 5.5.0-1ubuntu0.1~esm1UNKNOWN
Ubuntu18.04noarchipython< 5.5.0-1UNKNOWN
Ubuntu18.04noarchipython3< 5.5.0-1UNKNOWN
Ubuntu18.04noarchpython-ipython< 5.5.0-1UNKNOWN
Ubuntu18.04noarchpython-ipython-doc< 5.5.0-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	20.04	noarch	python3-ipython	< 7.13.0-1ubuntu0.1~esm1	UNKNOWN
Ubuntu	20.04	noarch	ipython3	< 7.13.0-1	UNKNOWN
Ubuntu	20.04	noarch	python-ipython-doc	< 7.13.0-1	UNKNOWN
Ubuntu	20.04	noarch	python3-ipython	< 7.13.0-1	UNKNOWN
Ubuntu	20.04	noarch	ipython3	< 7.13.0-1ubuntu0.1~esm1	UNKNOWN
Ubuntu	18.04	noarch	ipython	< 5.5.0-1ubuntu0.1~esm1	UNKNOWN
Ubuntu	18.04	noarch	ipython	< 5.5.0-1	UNKNOWN
Ubuntu	18.04	noarch	ipython3	< 5.5.0-1	UNKNOWN
Ubuntu	18.04	noarch	python-ipython	< 5.5.0-1	UNKNOWN
Ubuntu	18.04	noarch	python-ipython-doc	< 5.5.0-1	UNKNOWN