Vulnerability Name: CVE-2015-6938 (CCN-106961)

Assigned: 2015-09-02
Published: 2015-09-02
Updated: 2018-10-30
Summary: Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name.
Note: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate.
CVSS v3 Severity: 6.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): Required
Scope:
  Scope (S): Changed
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): Low
  Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None
5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): Single_Instance
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): None
Vulnerability Type: CWE-79
Vulnerability Consequences: Cross-Site Scripting
References:
Source: MITRE
Type: CNA
CVE-2015-6938

Source: FEDORA
Type: Third Party Advisory
FEDORA-2015-14902

Source: FEDORA
Type: Third Party Advisory
FEDORA-2015-14901

Source: FEDORA
Type: Third Party Advisory
FEDORA-2015-16128

Source: SUSE
Type: Third Party Advisory
openSUSE-SU-2015:1699

Source: CCN
Type: oss-sec Mailing List, Wed, 2 Sep 2015 15:00:25 +0200
CVE Request : CSRF in IPython/Jupyter notebook Tree

Source: MLIST
Type: UNKNOWN
[oss-security] 20150902 CVE Request : CSRF in IPython/Jupyter notebook Tree.

Source: CCN
Type: oss-sec Mailing List, Mon, 14 Sep 2015 15:32:25 -0400 (EDT)
Re: CVE Request : CSRF in IPython/Jupyter notebook Tree

Source: MLIST
Type: Mailing List, Patch
[oss-security] 20150914 Re: CVE Request : CSRF in IPython/Jupyter notebook Tree.

Source: CCN
Type: Red Hat Bugzilla – Bug 1259405
(CVE-2015-6938) CVE-2015-6938 ipython: XSS via local folder name

Source: CONFIRM
Type: Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1259405

Source: XF
Type: UNKNOWN
ipythonnotebook-cve20156938-xss(106961)

Source: CCN
Type: ipython - GitHub Web site
Fix XSS reported on Security list · ipython/ipython@3ab4164 · GitHub

Source: CONFIRM
Type: Exploit
https://github.com/ipython/ipython/commit/3ab41641cf6fce3860c73d5cf4645aa12e1e5892

Source: CONFIRM
Type: Exploit
https://github.com/jupyter/notebook/commit/35f32dd2da804d108a3a3585b69ec3295b2677ed

Source: CCN
Type: Jupyter - GitHub Web site
Fix XSS reported on Security list · jupyter/notebook@dd98763 · GitHub

Source: CONFIRM
Type: Issue Tracking, Patch
https://github.com/jupyter/notebook/commit/dd9876381f0ef09873d8c5f6f2063269172331e3

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-6938

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:jupyter:notebook:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:jupyter:notebook:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:jupyter:notebook:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:jupyter:notebook:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:jupyter:notebook:4.0.4:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:fedoraproject:fedora:21:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:22:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:23:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 4:
  • cpe:/a:ipython:notebook:*:*:*:*:*:*:*:* (Version <= 3.2.1)

Configuration CCN 1:
  • cpe:/a:ipython:ipython:3.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:jupyter:notebook:4.0.5:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20156938 | V | CVE-2015-6938 | 2017-03-20
oval:com.ubuntu.cosmic:def:201569380000000 | V | CVE-2015-6938 on Ubuntu 18.10 (cosmic) - low. | 2015-09-21
oval:com.ubuntu.artful:def:20156938000 | V | CVE-2015-6938 on Ubuntu 17.10 (artful) - low. | 2015-09-21
oval:com.ubuntu.trusty:def:20156938000 | V | CVE-2015-6938 on Ubuntu 14.04 LTS (trusty) - low. | 2015-09-21
oval:com.ubuntu.bionic:def:201569380000000 | V | CVE-2015-6938 on Ubuntu 18.04 LTS (bionic) - low. | 2015-09-21
oval:com.ubuntu.bionic:def:20156938000 | V | CVE-2015-6938 on Ubuntu 18.04 LTS (bionic) - low. | 2015-09-21
oval:com.ubuntu.xenial:def:20156938000 | V | CVE-2015-6938 on Ubuntu 16.04 LTS (xenial) - low. | 2015-09-21
oval:com.ubuntu.xenial:def:201569380000000 | V | CVE-2015-6938 on Ubuntu 16.04 LTS (xenial) - low. | 2015-09-21
oval:com.ubuntu.cosmic:def:20156938000 | V | CVE-2015-6938 on Ubuntu 18.10 (cosmic) - low. | 2015-09-21
oval:com.ubuntu.disco:def:201569380000000 | V | CVE-2015-6938 on Ubuntu 19.04 (disco) - low. | 2015-09-21
oval:com.ubuntu.precise:def:20156938000 | V | CVE-2015-6938 on Ubuntu 12.04 LTS (precise) - low. | 2015-09-21