CVE-2024-22415

Unsecured endpoints in the jupyter-lsp server extension

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp.

jupyter-lsp es una herramienta de asistencia de codificación para JupyterLab (navegación de código + sugerencias de desplazamiento + linters + autocompletado + cambio de nombre) que utiliza el protocolo de servidor de idiomas. Las instalaciones de jupyter-lsp que se ejecutan en entornos sin control de acceso al sistema de archivos configurado (en el nivel del sistema operativo) y con instancias de jupyter-server expuestas a una red no confiable son vulnerables al acceso no autorizado y a la modificación del sistema de archivos más allá del directorio raíz de jupyter. Este problema se solucionó en la versión 2.2.2 y se recomienda a todos los usuarios que actualicen. Los usuarios que no puedan actualizar deben desinstalar jupyter-lsp.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-01-10 CVE Reserved
2024-01-18 CVE Published
2024-01-31 EPSS Updated
2024-09-10 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23: Relative Path Traversal
CWE-284: Improper Access Control
CWE-306: Missing Authentication for Critical Function

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://github.com/jupyter-lsp/jupyterlab-lsp/commit/4ad12f204ad0b85580fc32137c647baaff044e95	2024-01-30

URL	Date	SRC
https://github.com/jupyter-lsp/jupyterlab-lsp/security/advisories/GHSA-4qhp-652w-c22x	2024-01-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Jupyter Search vendor "Jupyter"		Language Server Protocol Integration Search vendor "Jupyter" for product "Language Server Protocol Integration"				< 2.2.2 Search vendor "Jupyter" for product "Language Server Protocol Integration" and version " < 2.2.2"		jupyter		Affected