CVE-2014-3429

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython	Press/Media Coverage Technical Description
http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198	Broken Link
http://seclists.org/oss-sec/2014/q3/152	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1119890	Issue Tracking
https://github.com/ipython/ipython/pull/4845	Patch Issue Tracking
http://lists.opensuse.org/opensuse-updates/2014-08/msg00039.html	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:160	Broken Link
http://advisories.mageia.org/MGASA-2014-0320.html	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/94497

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:ipython:ipython_notebook:1.1.0:::::::*
	cpe:2.3:a:ipython:ipython_notebook:0.12:::::::*
	cpe:2.3:a:ipython:ipython_notebook:0.12.1:::::::*
	cpe:2.3:a:ipython:ipython_notebook:0.13:::::::*
	cpe:2.3:a:ipython:ipython_notebook:0.13.1:::::::*
	cpe:2.3:a:ipython:ipython_notebook:0.13.2:::::::*
	cpe:2.3:a:ipython:ipython_notebook:1.0.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:mageia:mageia:4.0:::::::*
	cpe:2.3:o:mageia:mageia:3.0:::::::*

Information

Published : 2014-08-07 04:13

Updated : 2018-10-30 09:27

NVD link : CVE-2014-3429

Mitre link : CVE-2014-3429

JSON object : View

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

Products Affected

ipython

ipython_notebook

mageia

mageia

opensuse

opensuse

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython", "name": "http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython", "tags": ["Press/Media Coverage", "Technical Description"], "refsource": "CONFIRM"}, {"url": "http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198", "name": "[ipython-dev] 20140713 Vulnerability in IPython Notebook ≤ 1.1", "tags": ["Broken Link"], "refsource": "MLIST"}, {"url": "http://seclists.org/oss-sec/2014/q3/152", "name": "[oss-security] 20140715 IPython Notebook Cross 2014-3429", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MLIST"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119890", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1119890", "tags": ["Issue Tracking"], "refsource": "CONFIRM"}, {"url": "https://github.com/ipython/ipython/pull/4845", "name": "https://github.com/ipython/ipython/pull/4845", "tags": ["Patch", "Issue Tracking"], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00039.html", "name": "openSUSE-SU-2014:1060", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:160", "name": "MDVSA-2015:160", "tags": ["Broken Link"], "refsource": "MANDRIVA"}, {"url": "http://advisories.mageia.org/MGASA-2014-0320.html", "name": "http://advisories.mageia.org/MGASA-2014-0320.html", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94497", "name": "ipython-cve20143429-code-exec(94497)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-3429", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2014-08-07T11:13Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ipython:ipython_notebook:1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ipython:ipython_notebook:0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ipython:ipython_notebook:0.12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ipython:ipython_notebook:0.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ipython:ipython_notebook:0.13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ipython:ipython_notebook:0.13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ipython:ipython_notebook:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:27Z"}

6.8 /10