Описание
Execution with Unnecessary Privileges in ipython
We’d like to disclose an arbitrary code execution vulnerability in IPython that stems from IPython executing untrusted files in CWD. This vulnerability allows one user to run code as another.
Proof of concept
User1:
User2:
User2 will see:
Patched release and documentation
See https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699,
Version 8.0.1, 7.31.1 for current Python version are recommended. Version 7.16.3 has also been published for Python 3.6 users, Version 5.11 (source only, 5.x branch on github) for older Python versions.
Ссылки
- https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
- https://nvd.nist.gov/vuln/detail/CVE-2022-21699
- https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668
- https://github.com/ipython/ipython/commit/5fa1e409d2dc126c456510c16ece18e08b524e5b
- https://github.com/ipython/ipython/commit/67ca2b3aa9039438e6f80e3fccca556f26100b4d
- https://github.com/ipython/ipython/commit/a06ca837273271b4acb82c29be97c0b6d12a30ea
- https://github.com/pypa/advisory-database/tree/main/vulns/ipython/PYSEC-2022-12.yaml
- https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
- https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK
Пакеты
ipython
< 5.11
5.11
ipython
>= 6.0.0, < 7.16.3
7.16.3
ipython
>= 7.17.0, < 7.31.1
7.31.1
ipython
>= 8.0.0, < 8.0.1
8.0.1
EPSS
8.5 High
CVSS4
8.2 High
CVSS3
CVE ID
Дефекты
Связанные уязвимости
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.
IPython (Interactive Python) is a command shell for interactive comput ...
Уязвимость команды shell командной оболочки для интерактивных вычислений IPython, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS
8.5 High
CVSS4
8.2 High
CVSS3