Jupyter Notebook and JupyterLab Stored Cross-Site Scripting Vulnerability Allowing Authentication Token Theft

Vulnerability

A stored cross-site scripting vulnerability has been identified in Jupyter Notebook versions 7.0.0 through 7.5.5, as well as in JupyterLab versions 4.5.6 and earlier. This vulnerability resides in the help command linker, where malicious notebook content can be used to steal authentication tokens with a single click. Attackers can craft notebook files that contain elements mimicking legitimate controls, which, when interacted with, execute the embedded malicious content. Exploitation of this vulnerability leads to unauthorized access to the user's Jupyter session via the REST API, allowing attackers to read, modify, or create files, execute arbitrary code through access to kernels, and open terminals for shell access.

Impact

Successful exploitation allows for complete takeover of the user's Jupyter session, including theft of authentication tokens and access to the Jupyter REST API. This access enables reading, modifying, or creating files, executing arbitrary code via access to kernels, and opening terminals for shell access.

Remediation

Users can update to Jupyter Notebook 7.5.6 or JupyterLab 4.5.7, both of which include patches for this vulnerability. Alternatively, the affected help extensions can be disabled via the command line. For JupyterLab, the command 'jupyter labextension disable @jupyter-notebook/help-extension' can be used. After updating, the command linker functionality can be disabled altogether by setting 'allowCommandLinker' to false in the sanitizer configuration.
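The advisory gives two fixed releases and two affected ranges, and the first question a defender asks is whether a given install falls inside them. The script below is an added example written for this page (it is not Jupyter project code): it parses the version strings that `importlib.metadata` reports for the `notebook` and `jupyterlab` distributions, treats a pre-release of the fixed version conservatively as still affected, and returns findings as plain strings. The package names `notebook` and `jupyterlab` are the PyPI distribution names; the sample version dictionary at the bottom is constructed for demonstration.

```python
"""Check installed Jupyter Notebook / JupyterLab versions against the ranges
named in the advisory: Notebook 7.0.0 through 7.5.5 (fixed in 7.5.6) and
JupyterLab 4.5.6 and earlier (fixed in 4.5.7). Added example, not project code."""
import re
from importlib.metadata import PackageNotFoundError, version

# Sort key layout: (major, minor, patch, final) where final is 0 for a
# pre-release (a/b/rc/dev) and 1 for a final release. A pre-release of the
# fixed version therefore sorts *below* the fix and is still reported.
NOTEBOOK_FIRST_AFFECTED = (7, 0, 0, 0)
NOTEBOOK_FIXED = (7, 5, 6, 1)
JUPYTERLAB_FIXED = (4, 5, 7, 1)

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(.*)$")
_PRERELEASE_RE = re.compile(r"^[.\-_]?(a|b|rc|dev|alpha|beta|pre)", re.IGNORECASE)


def parse_version(text: str) -> tuple:
    """Turn '7.5.5', '4.5.7rc1' or '7.5.6.post1' into a comparable 4-tuple."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, rest = m.groups()
    final = 0 if _PRERELEASE_RE.match(rest.strip()) else 1  # '.post1' stays final
    return (int(major), int(minor), int(patch or 0), final)


def notebook_affected(ver: str) -> bool:
    """True for Notebook 7.0.0 through 7.5.5 (and any pre-release of 7.5.6)."""
    key = parse_version(ver)
    return NOTEBOOK_FIRST_AFFECTED <= key < NOTEBOOK_FIXED


def jupyterlab_affected(ver: str) -> bool:
    """True for JupyterLab 4.5.6 and earlier (and any pre-release of 4.5.7)."""
    return parse_version(ver) < JUPYTERLAB_FIXED


def installed_versions() -> dict:
    """Read the versions actually installed in this interpreter, if any."""
    found = {}
    for dist in ("notebook", "jupyterlab"):
        try:
            found[dist] = version(dist)
        except PackageNotFoundError:
            pass  # distribution not installed here; nothing to check
    return found


def assess(versions: dict) -> list:
    """Return one finding per affected distribution; empty list means clean."""
    findings = []
    nb = versions.get("notebook")
    if nb is not None and notebook_affected(nb):
        findings.append(f"notebook {nb} is affected; update to 7.5.6 or later")
    lab = versions.get("jupyterlab")
    if lab is not None and jupyterlab_affected(lab):
        findings.append(f"jupyterlab {lab} is affected; update to 4.5.7 or later")
    return findings


if __name__ == "__main__":
    # Constructed sample: a vulnerable Notebook beside an already-patched Lab.
    sample = {"notebook": "7.5.5", "jupyterlab": "4.5.7"}
    for line in assess(sample) or ["sample install: not affected"]:
        print(line)
    # Live check of whatever is installed alongside this interpreter.
    for line in assess(installed_versions()) or ["this environment: not affected"]:
        print(line)
```

Run it with no arguments: the first block of output covers the constructed sample, the second the environment the script runs in. Because `final` sorts a pre-release below the matching release, `7.5.6rc1` is still reported as affected while `7.5.6.post1` is not; the lower bound for Notebook starts at `7.0.0`, so a 6.x install is not flagged by this advisory's ranges.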

Added: May 6, 2026, 9:23 PM
Updated: May 6, 2026, 9:23 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 1.7
exploitability: 5.8
remediation: 8.3
relevance: 7.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.