Jupyter Server CORS Origin Validation Bypass Vulnerability

A vulnerability exists in Jupyter Server versions 1.12.0 through 2.17.0, allowing attackers to bypass Cross-Origin Resource Sharing (CORS) origin validation when the 'allow_origin_pat' configuration is applied. The issue stems from using 're.match()' for validating the 'Origin' header, which only checks the beginning of the string. This flaw enables domains controlled by attackers, such as 'trusted.example.com.evil.com', to be mistakenly validated as legitimate. The vulnerability impacts several areas, including CORS headers, WebSocket connections, referer validation, and login redirects, potentially leading to phishing attacks, arbitrary code execution, and unauthorized access to sensitive API responses.

Impact

Exploiting this vulnerability can result in bypassing CORS protections, allowing attackers to read API responses, redirect users after login to a phishing site, and hijack WebSocket connections to execute code in the context of the victim's Jupyter kernel.

Reproduction

To reproduce this vulnerability, configure Jupyter Server with the 'allow_origin_pat' option set to a trusted domain pattern. After starting the server, verify that the pattern is correctly matched by the 're.match()' function. Then, demonstrate the bypass by using an attacker-controlled domain that extends the trusted pattern, which will incorrectly pass the validation. This bypass can be exploited by redirecting users after login to an attacker-controlled site or by accessing API responses and WebSocket connections cross-origin.

Remediation

Users should update to a version of Jupyter Server that addresses this vulnerability. The suggested fix is to replace 're.match()' with 're.fullmatch()' in the relevant code locations. Users who relied on the prefix-matching behavior should append '.*' to their patterns.