medium

AI Hub Jupyter Notebook instance CSRF

Published Sat, Oct 17th, 2020

Platforms

Summary

AI Hub Jupyter Notebook server lacked a check of the Origin header that led to a CSRF vulnerability. An attacker could have read sensitive data and execute arbitrary actions in customer environments.

Affected Services

AI Hub Jupyter Notebook

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://blog.s1r1us.ninja/research/cookie-tossing-to-rce-on-google-cloud-jupyter-notebooks

Contributed by https://github.com/ds0440

Entry Status

Finalized

Disclosure Date

Tue, Mar 10th, 2020

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

s1r1us

More vulnerabilities...

medium

AI Hub Jupyter Notebook instance CSRF

AI Hub Jupyter Notebook server lacked a check of the Origin header that led to a CSRF vulnerability. An attacker could have read sensitive data and execute arbitrary actions in customer environments.

s1r1us

Sat, Oct 17th, 2020

medium

AI Hub Jupyter Notebook instance CSRF

AI Hub Jupyter Notebook server lacked a check of the Origin header that led to a CSRF vulnerability. An attacker could have read sensitive data and execute arbitrary actions in customer environments.

s1r1us

Sat, Oct 17th, 2020

medium

AI Hub Jupyter Notebook instance CSRF

AI Hub Jupyter Notebook server lacked a check of the Origin header that led to a CSRF vulnerability. An attacker could have read sensitive data and execute arbitrary actions in customer environments.

s1r1us

Sat, Oct 17th, 2020

View all