{"containers": {"cna": {"affected": [{"product": "binderhub", "vendor": "jupyterhub", "versions": [{"status": "affected", "version": "< 0.2.0-n653"}]}], "descriptions": [{"lang": "en", "value": "BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potential to egress credentials of the BinderHub deployment, including JupyterHub API tokens, kubernetes service accounts, and docker registry credentials. This may provide the ability to manipulate images and other user created pods in the deployment, with the potential to escalate to the host depending on the underlying kubernetes configuration. Users are advised to update to version 0.2.0-n653. If users are unable to update they may disable the git repo provider by specifying the `BinderHub.repo_providers` as a workaround."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-25T18:20:09", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jupyterhub/binderhub/security/advisories/GHSA-9jjr-qqfp-ppwx"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/jupyterhub/binderhub/commit/195caac172690456dcdc8cc7a6ca50e05abf8182.patch"}], "source": {"advisory": "GHSA-9jjr-qqfp-ppwx", "discovery": "UNKNOWN"}, "title": "Remote code execution in Binderhub", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-39159", "STATE": "PUBLIC", "TITLE": "Remote code execution in Binderhub"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "binderhub", "version": {"version_data": [{"version_value": "< 0.2.0-n653"}]}}]}, "vendor_name": "jupyterhub"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potential to egress credentials of the BinderHub deployment, including JupyterHub API tokens, kubernetes service accounts, and docker registry credentials. This may provide the ability to manipulate images and other user created pods in the deployment, with the potential to escalate to the host depending on the underlying kubernetes configuration. Users are advised to update to version 0.2.0-n653. If users are unable to update they may disable the git repo provider by specifying the `BinderHub.repo_providers` as a workaround."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/jupyterhub/binderhub/security/advisories/GHSA-9jjr-qqfp-ppwx", "refsource": "CONFIRM", "url": "https://github.com/jupyterhub/binderhub/security/advisories/GHSA-9jjr-qqfp-ppwx"}, {"name": "https://github.com/jupyterhub/binderhub/commit/195caac172690456dcdc8cc7a6ca50e05abf8182.patch", "refsource": "MISC", "url": "https://github.com/jupyterhub/binderhub/commit/195caac172690456dcdc8cc7a6ca50e05abf8182.patch"}]}, "source": {"advisory": "GHSA-9jjr-qqfp-ppwx", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-39159", "datePublished": "2021-08-25T18:20:09", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2021-08-25T18:20:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jupyter:binderhub:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EAB64B3-7D9C-456B-80E3-2476E40E5CDE", "versionEndExcluding": "0.2.0-n653", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potential to egress credentials of the BinderHub deployment, including JupyterHub API tokens, kubernetes service accounts, and docker registry credentials. This may provide the ability to manipulate images and other user created pods in the deployment, with the potential to escalate to the host depending on the underlying kubernetes configuration. Users are advised to update to version 0.2.0-n653. If users are unable to update they may disable the git repo provider by specifying the `BinderHub.repo_providers` as a workaround."}, {"lang": "es", "value": "BinderHub es un servicio en la nube basado en kubernetes que permite a usuarios compartir entornos inform\u00e1ticos interactivos reproducibles a partir de repositorios de c\u00f3digo. En las versiones afectadas se ha identificado una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en BinderHub, en la que al proporcionar a BinderHub una entrada maliciosamente dise\u00f1ada se podr\u00eda ejecutar c\u00f3digo en el contexto de BinderHub, con el potencial de sacar las credenciales del despliegue de BinderHub, incluidos los tokens de la API de JupyterHub, las cuentas de servicio de kubernetes y las credenciales del registro de Docker. Esto puede proporcionar la habilidad de manipular im\u00e1genes y otros pods creados por el usuario en el despliegue, con el potencial de escalar al host dependiendo de la configuraci\u00f3n subyacente de kubernetes. Se recomienda a usuarios que actualicen a la versi\u00f3n 0.2.0-n653. Si los usuarios no pueden actualizar pueden deshabilitar el proveedor de repo git al especificar \"BinderHub.repo_providers\" como soluci\u00f3n alternativa."}], "id": "CVE-2021-39159", "lastModified": "2022-10-25T17:51:44.053", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-08-25T19:15:14.177", "references": [{"source": "security-advisories@github.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://github.com/jupyterhub/binderhub/commit/195caac172690456dcdc8cc7a6ca50e05abf8182.patch"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/jupyterhub/binderhub/security/advisories/GHSA-9jjr-qqfp-ppwx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}