CVE-2022-24757

Severity: 7.5 (HIGH)

📋 TL;DR

CVE-2022-24757 allows unauthorized actors to access sensitive authentication information from Jupyter Server logs when 5xx errors occur. This affects Jupyter Server versions prior to 1.15.4, potentially enabling attackers to steal auth cookies and gain unauthorized access to Jupyter servers.

💻 Affected Systems

Products:
  • Jupyter Server
Versions: All versions prior to 1.15.4
Operating Systems: All platforms running Jupyter Server
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default logging configuration when 5xx errors occur.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain full administrative access to Jupyter Server, potentially compromising all hosted notebooks, data, and system resources.

🟠 Likely Case

Unauthorized access to Jupyter Server instances leading to data theft, code execution, or privilege escalation within the Jupyter environment.

🟢 If Mitigated

Limited impact with proper log access controls and monitoring, though sensitive information may still be exposed in logs.

🌐 Internet-Facing: HIGH - Internet-facing Jupyter servers are directly accessible to attackers who can trigger 5xx errors and access logs.
🏢 Internal Only: MEDIUM - Internal attackers or compromised accounts can still exploit this vulnerability if they have access to server logs.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires ability to trigger 5xx errors and access server logs, which may be accessible to various user roles.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.15.4

Vendor Advisory: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr

Restart Required: Yes

Instructions:

1. Update Jupyter Server using pip: 'pip install --upgrade jupyter-server==1.15.4'
2. Restart all Jupyter Server instances
3. Verify the update with 'jupyter-server --version'

🔧 Temporary Workarounds

Restrict Log File Access

Platform: Linux

Set strict file permissions on Jupyter Server log files to prevent unauthorized access

chmod 600 /path/to/jupyter/logs/*
chown root:root /path/to/jupyter/logs/*

Disable Detailed Error Logging

Platform: All

Configure Jupyter Server to not log sensitive headers in error responses

jupyter server --ServerApp.log_format='%(asctime)s [%(levelname)s] %(message)s'
Set JUPYTER_LOG_FORMAT environment variable

🧯 If You Can't Patch

  • Implement strict access controls on Jupyter Server log directories and files
  • Monitor log files for unauthorized access attempts and implement alerting

🔍 How to Verify

Check if Vulnerable:

Check Jupyter Server version with 'jupyter-server --version' or 'pip show jupyter-server' and verify if version is below 1.15.4

Check Version:

jupyter-server --version

Verify Fix Applied:

Confirm version is 1.15.4 or higher and test that 5xx errors no longer include sensitive headers in logs

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access to log files
  • Multiple 5xx errors from same source
  • Log entries containing 'Cookie:' or 'Authorization:' headers

Network Indicators:

  • Multiple failed authentication attempts triggering 5xx errors
  • Unusual access patterns to Jupyter Server logs

SIEM Query:

source="jupyter-server.log" AND ("5xx" OR "500" OR "502" OR "503") AND ("Cookie:" OR "Authorization:" OR "auth_token")
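As an added example (not part of this page or of the Jupyter Server project), the same detection logic as the SIEM query above, run offline over a log file: it flags sensitive headers that appear in the context of a 5xx response and can redact them before the log is shipped elsewhere. The log lines and their layout are constructed for illustration and do not reproduce real Jupyter Server output.

```python
import re
from typing import Dict, List

# Constructed sample log (not real Jupyter Server output). Lines 3-4 mimic the
# pre-1.15.4 behaviour described above: after a 5xx response the request headers,
# including the session cookie and the token, end up in the log.
SAMPLE_LOG = """\
[I 2022-03-15 10:01:02.123 ServerApp] 200 GET /api/contents (127.0.0.1) 3.21ms
[E 2022-03-15 10:01:05.456 ServerApp] 500 GET /api/sessions (10.0.0.7) 12.50ms
    Cookie: _xsrf=2|e3f1|deadbeef; username-localhost-8888="2|1:0|10:1647338400|abc"
    Authorization: token 0123456789abcdef0123456789abcdef
[W 2022-03-15 10:01:09.000 ServerApp] 403 POST /api/terminals (10.0.0.7) 1.00ms
"""

# An access-log line carries "<status> <METHOD> <path>"; lines after it that carry
# no status of their own are treated as continuation belonging to that request.
STATUS_RE = re.compile(r"\b(?P<status>[1-5]\d{2}) (?P<method>[A-Z]+) (?P<path>\S+)")
# The indicators named on this page: Cookie, Authorization and auth_token.
SENSITIVE_RE = re.compile(r"(?P<header>Cookie|Authorization|auth_token)\s*[:=]\s*(?P<value>\S+)")
REDACT_RE = re.compile(r"(Cookie|Authorization|auth_token)(\s*[:=]\s*).*")


def find_leaks(lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per sensitive header logged in the context of a 5xx response."""
    findings: List[Dict[str, object]] = []
    context = None  # (line_no, status, path) of the most recent 5xx access-log line
    for line_no, line in enumerate(lines, start=1):
        m = STATUS_RE.search(line)
        if m:
            status = int(m.group("status"))
            context = (line_no, status, m.group("path")) if status >= 500 else None
        if context is None:
            continue  # headers after a 2xx/4xx line are outside this CVE's pattern
        for s in SENSITIVE_RE.finditer(line):
            findings.append({"line": line_no, "request_line": context[0],
                             "status": context[1], "path": context[2],
                             "header": s.group("header")})
    return findings


def redact(line: str) -> str:
    """Mask header values so the log can be forwarded without re-leaking credentials."""
    return REDACT_RE.sub(lambda m: f"{m.group(1)}{m.group(2)}[REDACTED]", line)


if __name__ == "__main__":
    for f in find_leaks(SAMPLE_LOG.splitlines()):
        print(f"line {f['line']}: {f['header']} logged after {f['status']} on {f['path']}")
```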
