CVE-2024-22415 - OpenCVE

jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Jupyter	Language Server Protocol Integration

Configuration 1 [-]

cpe:2.3:a:jupyter:language_server_protocol_integration:*:*:*:*:*:jupyter:*:*

References

Link	Resource
https://github.com/jupyter-lsp/jupyterlab-lsp/commit/4ad12f204ad0b85580fc32137c647baaff044e95	Patch
https://github.com/jupyter-lsp/jupyterlab-lsp/security/advisories/GHSA-4qhp-652w-c22x	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-18T20:27:39.180Z

Updated: 2024-01-18T20:27:39.180Z

Reserved: 2024-01-10T15:09:55.552Z

Link: CVE-2024-22415

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-18T21:15:09.087

Modified: 2024-01-30T15:22:32.770

Link: CVE-2024-22415

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-22415", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-10T15:09:55.552Z", "datePublished": "2024-01-18T20:27:39.180Z", "dateUpdated": "2024-01-18T20:27:39.180Z"}, "containers": {"cna": {"title": "Unsecured endpoints in the jupyter-lsp server extension", "problemTypes": [{"descriptions": [{"cweId": "CWE-23", "lang": "en", "description": "CWE-23: Relative Path Traversal", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-306", "lang": "en", "description": "CWE-306: Missing Authentication for Critical Function", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/jupyter-lsp/jupyterlab-lsp/security/advisories/GHSA-4qhp-652w-c22x", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jupyter-lsp/jupyterlab-lsp/security/advisories/GHSA-4qhp-652w-c22x"}, {"name": "https://github.com/jupyter-lsp/jupyterlab-lsp/commit/4ad12f204ad0b85580fc32137c647baaff044e95", "tags": ["x_refsource_MISC"], "url": "https://github.com/jupyter-lsp/jupyterlab-lsp/commit/4ad12f204ad0b85580fc32137c647baaff044e95"}], "affected": [{"vendor": "jupyter-lsp", "product": "jupyterlab-lsp", "versions": [{"version": "< 2.2.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-18T20:27:39.180Z"}, "descriptions": [{"lang": "en", "value": "jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp."}], "source": {"advisory": "GHSA-4qhp-652w-c22x", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jupyter:language_server_protocol_integration:*:*:*:*:*:jupyter:*:*", "matchCriteriaId": "8721BAB0-1BD7-4974-807D-514D81E81AC8", "versionEndExcluding": "2.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp."}, {"lang": "es", "value": "jupyter-lsp es una herramienta de asistencia de codificaci\u00f3n para JupyterLab (navegaci\u00f3n de c\u00f3digo + sugerencias de desplazamiento + linters + autocompletado + cambio de nombre) que utiliza el protocolo de servidor de idiomas. Las instalaciones de jupyter-lsp que se ejecutan en entornos sin control de acceso al sistema de archivos configurado (en el nivel del sistema operativo) y con instancias de jupyter-server expuestas a una red no confiable son vulnerables al acceso no autorizado y a la modificaci\u00f3n del sistema de archivos m\u00e1s all\u00e1 del directorio ra\u00edz de jupyter. Este problema se solucion\u00f3 en la versi\u00f3n 2.2.2 y se recomienda a todos los usuarios que actualicen. Los usuarios que no puedan actualizar deben desinstalar jupyter-lsp."}], "id": "CVE-2024-22415", "lastModified": "2024-01-30T15:22:32.770", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-01-18T21:15:09.087", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/jupyter-lsp/jupyterlab-lsp/commit/4ad12f204ad0b85580fc32137c647baaff044e95"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/jupyter-lsp/jupyterlab-lsp/security/advisories/GHSA-4qhp-652w-c22x"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-23"}, {"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-306"}], "source": "security-advisories@github.com", "type": "Secondary"}]}