CVE-2014-3429
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.
IPython Notebook 0.12 hasta 1.x anterior a 1.2 no valida el origen de las solicitudes de Websockets, lo que permite a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento de conocimiento del kernel id y una página manipulada.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-05-07 CVE Reserved
- 2014-08-07 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://advisories.mageia.org/MGASA-2014-0320.html | Third Party Advisory | |
| http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython | Media Coverage | |
| http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198 | Broken Link | |
| http://seclists.org/oss-sec/2014/q3/152 | Mailing List |
|
| https://bugzilla.redhat.com/show_bug.cgi?id=1119890 | Issue Tracking | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94497 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/ipython/ipython/pull/4845 | 2018-10-30 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2014-08/msg00039.html | 2018-10-30 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:160 | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2" | - |
Affected
| ||||||
| Ipython Search vendor "Ipython" | Ipython Notebook Search vendor "Ipython" for product "Ipython Notebook" | 0.12 Search vendor "Ipython" for product "Ipython Notebook" and version "0.12" | - |
Affected
| ||||||
| Ipython Search vendor "Ipython" | Ipython Notebook Search vendor "Ipython" for product "Ipython Notebook" | 0.12.1 Search vendor "Ipython" for product "Ipython Notebook" and version "0.12.1" | - |
Affected
| ||||||
| Ipython Search vendor "Ipython" | Ipython Notebook Search vendor "Ipython" for product "Ipython Notebook" | 0.13 Search vendor "Ipython" for product "Ipython Notebook" and version "0.13" | - |
Affected
| ||||||
| Ipython Search vendor "Ipython" | Ipython Notebook Search vendor "Ipython" for product "Ipython Notebook" | 0.13.1 Search vendor "Ipython" for product "Ipython Notebook" and version "0.13.1" | - |
Affected
| ||||||
| Ipython Search vendor "Ipython" | Ipython Notebook Search vendor "Ipython" for product "Ipython Notebook" | 0.13.2 Search vendor "Ipython" for product "Ipython Notebook" and version "0.13.2" | - |
Affected
| ||||||
| Ipython Search vendor "Ipython" | Ipython Notebook Search vendor "Ipython" for product "Ipython Notebook" | 1.0.0 Search vendor "Ipython" for product "Ipython Notebook" and version "1.0.0" | - |
Affected
| ||||||
| Ipython Search vendor "Ipython" | Ipython Notebook Search vendor "Ipython" for product "Ipython Notebook" | 1.1.0 Search vendor "Ipython" for product "Ipython Notebook" and version "1.1.0" | - |
Affected
| ||||||
| Mageia Search vendor "Mageia" | Mageia Search vendor "Mageia" for product "Mageia" | 3.0 Search vendor "Mageia" for product "Mageia" and version "3.0" | - |
Affected
| ||||||
| Mageia Search vendor "Mageia" | Mageia Search vendor "Mageia" for product "Mageia" | 4.0 Search vendor "Mageia" for product "Mageia" and version "4.0" | - |
Affected
| ||||||