Coordinated Disclosure Timeline

Summary

JupyterLab is vulnerable to checkout and execution of untrusted code in its GitHub workflows, allowing an attacker to gain write access to the repository and read its secrets.

Project

JupyterLab

Tested Version

Latest commit at the time of writing

Details

Issue 1: Checkout of untrusted code in galata-update.yml#update-galata-snapshots (GHSL-2024-138)

The issue_comment trigger event used in galata-update.yml can be fired by an external actor, who can open a PR containing arbitrary code and later comment on it to trigger the workflow.

The update-galata-snapshots job explicitly checks out potentially untrusted code from the pull request that has been commented on and runs it.

      - name: Checkout the branch from the PR that triggered the job
        run: gh pr checkout ${{ github.event.issue.number }}
...
      - name: Install dependencies
        run: |
          bash ./scripts/ci_install.sh

By explicitly checking out and running the ci_install.sh script from a fork, untrusted code runs in an environment that is able to write to the repository and access its secrets. See Preventing pwn requests for more information.

An attacker could open a pull request with a malicious ./scripts/ci_install.sh, which would gain access to the privileged GITHUB_TOKEN and use it to modify JupyterLab code.

This vulnerability was found using the Checkout of untrusted code in trusted context CodeQL query.

Issue 2: Checkout of untrusted code in galata-update.yml#update-documentation-snapshots (GHSL-2024-144)

Similarly, the update-documentation-snapshots job is also vulnerable.

The update-documentation-snapshots job explicitly checks out potentially untrusted code from the pull request that has been commented on and runs it.

      - name: Checkout the branch from the PR that triggered the job
        working-directory: core
        run: gh pr checkout ${{ github.event.issue.number }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
...
      - name: Install dependencies
        working-directory: core
        run: |
          set -ex
          # Install chinese font
          sudo apt-get update
          sudo apt-get install fonts-dejavu fonts-noto

          # Freeze the packages to ensure consistent look and feel
          # IPython is frozen because its version is displayed in
          # the console header
          pip install .[docs-screenshots]
          bash ./scripts/ci_install.sh
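Both findings share one shape: a trigger that runs with the base repository's privileged token (issue_comment here), a step that checks out the pull request head, and a later step that executes a script from that checkout. The scanner below is an added example, not part of the advisory or of the CodeQL query it cites; it is a line-based heuristic over workflow YAML (not a full parser), and VULNERABLE is a constructed workflow modelled on the excerpt above, not the real galata-update.yml.

```python
import re

# Events whose run carries the base repository's write-capable GITHUB_TOKEN and its
# secrets even when the pull request being acted on comes from a fork.
PRIVILEGED_TRIGGERS = ("issue_comment", "pull_request_target", "workflow_run")

# Ways a step fetches the pull request head, i.e. code the fork author controls.
PR_HEAD_CHECKOUT = re.compile(
    r"gh pr checkout|github\.event\.pull_request\.head\.(?:sha|ref)|github\.event\.issue\.number")

# A list item opening a step; splitting on it is a line-based heuristic, not a YAML parser.
STEP_START = re.compile(r"^\s*- (?=(?:name|uses|run|id|if|with|env):)", re.M)


def privileged_triggers(workflow: str) -> list[str]:
    """Return the privileged event names declared under the top-level `on:` key."""
    block = re.search(r"^on:(.*?)(?=^\S|\Z)", workflow, re.M | re.S)
    return [t for t in PRIVILEGED_TRIGGERS if block and re.search(rf"\b{t}\b", block.group(1))]


def find_untrusted_execution(workflow: str) -> list[str]:
    """Report run steps that execute after the PR head was checked out in a privileged job."""
    triggers = privileged_triggers(workflow)
    if not triggers:
        return []  # pull_request and similar give fork PRs a read-only token and no secrets
    findings, checkout = [], None
    for step in STEP_START.split(workflow)[1:]:
        name = step.splitlines()[0].removeprefix("name:").strip()
        if PR_HEAD_CHECKOUT.search(step):
            checkout = name  # from here on the workspace holds the fork author's code
        elif checkout and re.search(r"^\s*run:", step, re.M):
            findings.append(f"{'/'.join(triggers)}: '{name}' runs code checked out by '{checkout}'")
        if re.search(r"^\s*steps:", step, re.M):  # the next job's header follows: fresh runner
            checkout = None
    return findings


# Constructed workflow modelled on the advisory's galata-update.yml excerpt, not the real file.
VULNERABLE = """\
on:
  issue_comment:
    types: [created]
jobs:
  update-galata-snapshots:
    steps:
      - name: Checkout the branch from the PR that triggered the job
        run: gh pr checkout ${{ github.event.issue.number }}
      - name: Install dependencies
        run: |
          bash ./scripts/ci_install.sh
"""
```

Switching the constructed workflow to a plain pull_request trigger, or keeping issue_comment but checking out only the base branch, yields no findings, which matches the two usual remediations for this pattern.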

CVE

Resources

Impact

Running untrusted code with a privileged repository token and access to secrets may lead to unauthorized modification of the repository or exfiltration of its secrets.

Credit

This issue was discovered and reported by GHSL team member @pwntester (Alvaro Muñoz).

Contact

You can contact the GHSL team at securitylab@github.com; please include a reference to GHSL-2024-138 and GHSL-2024-144 in any communication regarding this issue.