
SSRF vulnerability (requires authentication)

Moderate
manics published GHSA-gcv9-6737-pjqw Jan 24, 2022

Package

pip jupyter-server-proxy (pip)

Affected versions

<= 3.2.0

Patched versions

3.2.1

Description

Impact

What kind of vulnerability is it? Server-Side Request Forgery (SSRF)

Who is impacted? Any user deploying Jupyter Server or Notebook with the jupyter-server-proxy extension enabled.

A lack of input validation allowed authenticated clients to proxy requests to other hosts, bypassing the allowed_hosts check. Because authentication is required, and an authenticated user can already make the same requests through kernel or terminal execution, this is considered low to moderate severity.
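The allowed_hosts check the advisory refers to is a host allowlist applied to proxied requests. As an added example, not jupyter-server-proxy's own code, the block below shows the kind of strict validation such a check needs, with a hypothetical naive_check beside it to illustrate the generic weak pattern (raw-string substring matching) that lets lookalike hosts through; the URL-based interface and the allowlist entries are assumed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for the example: only these exact hostnames may be proxied.
ALLOWED_HOSTS = frozenset({"localhost", "127.0.0.1", "notebook-helper.internal"})


def naive_check(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Generic weak pattern (hypothetical, not the project's code): substring
    matching on the raw string. It accepts any URL that merely *contains* an
    allowed name, e.g. 'http://localhost.evil.example/' or 'http://localhost@evil.example/'."""
    return any(h in target for h in allowed_hosts)


def is_host_allowed(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Strict check: parse the URL and compare the *parsed* hostname exactly.

    Rejects non-http(s) schemes, scheme-relative URLs, embedded credentials,
    malformed ports and any host that is not on the allowlist.
    """
    try:
        parts = urlsplit(target)
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    # A proxy has no business forwarding credentials, and "allowed@evil" is a
    # classic way to confuse string-based host checks.
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname  # userinfo and port stripped, lowercased by urlsplit
    if not host:
        return False
    # Exact membership, never prefix, suffix or substring matching.
    return host in allowed_hosts


if __name__ == "__main__":
    for url in ("http://localhost:8888/api", "http://localhost.evil.example/",
                "http://localhost@evil.example/", "ftp://localhost/"):
        print(f"{url:40} naive={naive_check(url)!s:5} strict={is_host_allowed(url)}")
```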

Patches

Has the problem been patched? What versions should users upgrade to?

Upgrade to 3.2.1, or apply the patch https://github.com/jupyterhub/jupyter-server-proxy/compare/v3.2.0...v3.2.1.patch

For more information

If you have any questions or comments about this advisory:

Severity

Moderate 6.3 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: None
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

CVE ID

CVE-2022-21697

Weaknesses

Credits