CVE-2021-39159

Remote code execution in Binderhub

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potential to egress credentials of the BinderHub deployment, including JupyterHub API tokens, kubernetes service accounts, and docker registry credentials. This may provide the ability to manipulate images and other user created pods in the deployment, with the potential to escalate to the host depending on the underlying kubernetes configuration. Users are advised to update to version 0.2.0-n653. If users are unable to update they may disable the git repo provider by specifying the `BinderHub.repo_providers` as a workaround.

BinderHub es un servicio en la nube basado en kubernetes que permite a usuarios compartir entornos informáticos interactivos reproducibles a partir de repositorios de código. En las versiones afectadas se ha identificado una vulnerabilidad de ejecución de código remota en BinderHub, en la que al proporcionar a BinderHub una entrada maliciosamente diseñada se podría ejecutar código en el contexto de BinderHub, con el potencial de sacar las credenciales del despliegue de BinderHub, incluidos los tokens de la API de JupyterHub, las cuentas de servicio de kubernetes y las credenciales del registro de Docker. Esto puede proporcionar la habilidad de manipular imágenes y otros pods creados por el usuario en el despliegue, con el potencial de escalar al host dependiendo de la configuración subyacente de kubernetes. Se recomienda a usuarios que actualicen a la versión 0.2.0-n653. Si los usuarios no pueden actualizar pueden deshabilitar el proveedor de repo git al especificar "BinderHub.repo_providers" como solución alternativa.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-08-16 CVE Reserved
2021-08-25 CVE Published
2024-08-04 CVE Updated
2024-10-26 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-94: Improper Control of Generation of Code ('Code Injection')

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://github.com/jupyterhub/binderhub/commit/195caac172690456dcdc8cc7a6ca50e05abf8182.patch	2022-10-25
https://github.com/jupyterhub/binderhub/security/advisories/GHSA-9jjr-qqfp-ppwx	2022-10-25

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Jupyter Search vendor "Jupyter"		Binderhub Search vendor "Jupyter" for product "Binderhub"				< 0.2.0-n653 Search vendor "Jupyter" for product "Binderhub" and version " < 0.2.0-n653"		-		Affected