CVE-2023-35174 - OpenCVE

Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from browser. This vulnerability has been fixed in version 0.8.2 and 0.9.3.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Livebook	Livebook
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:livebook:livebook::::::::
	cpe:2.3:a:livebook:livebook::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1
https://github.com/livebook-dev/livebook/commit/beb10daaadcc765f0380e436bd7cd5f74cf086c8
https://github.com/livebook-dev/livebook/releases/tag/v0.8.2
https://github.com/livebook-dev/livebook/releases/tag/v0.9.3
https://github.com/livebook-dev/livebook/security/advisories/GHSA-564w-97r7-c6p9

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-06-22T13:34:38.492Z

Updated: 2024-08-02T16:23:59.573Z

Reserved: 2023-06-14T14:17:52.180Z

Link: CVE-2023-35174

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-06-22T14:15:09.517

Modified: 2023-06-29T20:20:14.797

Link: CVE-2023-35174

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-35174", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-06-14T14:17:52.180Z", "datePublished": "2023-06-22T13:34:38.492Z", "dateUpdated": "2024-08-02T16:23:59.573Z"}, "containers": {"cna": {"title": "Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows", "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "lang": "en", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/livebook-dev/livebook/security/advisories/GHSA-564w-97r7-c6p9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/livebook-dev/livebook/security/advisories/GHSA-564w-97r7-c6p9"}, {"name": "https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1", "tags": ["x_refsource_MISC"], "url": "https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1"}, {"name": "https://github.com/livebook-dev/livebook/commit/beb10daaadcc765f0380e436bd7cd5f74cf086c8", "tags": ["x_refsource_MISC"], "url": "https://github.com/livebook-dev/livebook/commit/beb10daaadcc765f0380e436bd7cd5f74cf086c8"}, {"name": "https://github.com/livebook-dev/livebook/releases/tag/v0.8.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/livebook-dev/livebook/releases/tag/v0.8.2"}, {"name": "https://github.com/livebook-dev/livebook/releases/tag/v0.9.3", "tags": ["x_refsource_MISC"], "url": "https://github.com/livebook-dev/livebook/releases/tag/v0.9.3"}], "affected": [{"vendor": "livebook-dev", "product": "livebook", "versions": [{"version": ">= 0.8.0, < 0.8.2", "status": "affected"}, {"version": ">= 0.9.0, < 0.9.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-06-22T13:34:38.492Z"}, "descriptions": [{"lang": "en", "value": "Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from browser. This vulnerability has been fixed in version 0.8.2 and 0.9.3.\n\n"}], "source": {"advisory": "GHSA-564w-97r7-c6p9", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:23:59.573Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/livebook-dev/livebook/security/advisories/GHSA-564w-97r7-c6p9", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/livebook-dev/livebook/security/advisories/GHSA-564w-97r7-c6p9"}, {"name": "https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1"}, {"name": "https://github.com/livebook-dev/livebook/commit/beb10daaadcc765f0380e436bd7cd5f74cf086c8", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/livebook-dev/livebook/commit/beb10daaadcc765f0380e436bd7cd5f74cf086c8"}, {"name": "https://github.com/livebook-dev/livebook/releases/tag/v0.8.2", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/livebook-dev/livebook/releases/tag/v0.8.2"}, {"name": "https://github.com/livebook-dev/livebook/releases/tag/v0.9.3", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/livebook-dev/livebook/releases/tag/v0.9.3"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:livebook:livebook:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BFE3DF8-01D2-4B07-A6D3-161E54A3AA22", "versionEndExcluding": "0.8.2", "versionStartIncluding": "0.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:livebook:livebook:*:*:*:*:*:*:*:*", "matchCriteriaId": "1417F052-3C0B-4BF5-AA92-2154895E67DD", "versionEndExcluding": "0.9.3", "versionStartIncluding": "0.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from browser. This vulnerability has been fixed in version 0.8.2 and 0.9.3.\n\n"}], "id": "CVE-2023-35174", "lastModified": "2023-06-29T20:20:14.797", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-06-22T14:15:09.517", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/livebook-dev/livebook/commit/beb10daaadcc765f0380e436bd7cd5f74cf086c8"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/livebook-dev/livebook/releases/tag/v0.8.2"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/livebook-dev/livebook/releases/tag/v0.9.3"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/livebook-dev/livebook/security/advisories/GHSA-564w-97r7-c6p9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "security-advisories@github.com", "type": "Secondary"}]}