CVE-2023-35174 - Vulnerability Details - OpenCVE

Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from browser. This vulnerability has been fixed in version 0.8.2 and 0.9.3.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Livebook	Livebook
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:livebook:livebook::::::::
	cpe:2.3:a:livebook:livebook::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1
https://github.com/livebook-dev/livebook/commit/beb10daaadcc765f0380e436bd7cd5f74cf086c8
https://github.com/livebook-dev/livebook/releases/tag/v0.8.2
https://github.com/livebook-dev/livebook/releases/tag/v0.9.3
https://github.com/livebook-dev/livebook/security/advisories/GHSA-564w-97r7-c6p9

History

Fri, 06 Dec 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-06-22T13:34:38.492Z

Updated: 2024-12-06T15:14:24.752Z

Reserved: 2023-06-14T14:17:52.180Z

Link: CVE-2023-35174

Vulnrichment

Updated: 2024-08-02T16:23:59.573Z

NVD

Status : Modified

Published: 2023-06-22T14:15:09.517

Modified: 2024-11-21T08:08:05.560

Link: CVE-2023-35174

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-35174", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-06-14T14:17:52.180Z", "datePublished": "2023-06-22T13:34:38.492Z", "dateUpdated": "2024-12-06T15:14:24.752Z"}, "containers": {"cna": {"title": "Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows", "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "lang": "en", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/livebook-dev/livebook/security/advisories/GHSA-564w-97r7-c6p9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/livebook-dev/livebook/security/advisories/GHSA-564w-97r7-c6p9"}, {"name": "https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1", "tags": ["x_refsource_MISC"], "url": "https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1"}, {"name": "https://github.com/livebook-dev/livebook/commit/beb10daaadcc765f0380e436bd7cd5f74cf086c8", "tags": ["x_refsource_MISC"], "url": "https://github.com/livebook-dev/livebook/commit/beb10daaadcc765f0380e436bd7cd5f74cf086c8"}, {"name": "https://github.com/livebook-dev/livebook/releases/tag/v0.8.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/livebook-dev/livebook/releases/tag/v0.8.2"}, {"name": "https://github.com/livebook-dev/livebook/releases/tag/v0.9.3", "tags": ["x_refsource_MISC"], "url": "https://github.com/livebook-dev/livebook/releases/tag/v0.9.3"}], "affected": [{"vendor": "livebook-dev", "product": "livebook", "versions": [{"version": ">= 0.8.0, < 0.8.2", "status": "affected"}, {"version": ">= 0.9.0, < 0.9.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-06-22T13:34:38.492Z"}, "descriptions": [{"lang": "en", "value": "Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from browser. This vulnerability has been fixed in version 0.8.2 and 0.9.3.\n\n"}], "source": {"advisory": "GHSA-564w-97r7-c6p9", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:23:59.573Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/livebook-dev/livebook/security/advisories/GHSA-564w-97r7-c6p9", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/livebook-dev/livebook/security/advisories/GHSA-564w-97r7-c6p9"}, {"name": "https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1"}, {"name": "https://github.com/livebook-dev/livebook/commit/beb10daaadcc765f0380e436bd7cd5f74cf086c8", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/livebook-dev/livebook/commit/beb10daaadcc765f0380e436bd7cd5f74cf086c8"}, {"name": "https://github.com/livebook-dev/livebook/releases/tag/v0.8.2", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/livebook-dev/livebook/releases/tag/v0.8.2"}, {"name": "https://github.com/livebook-dev/livebook/releases/tag/v0.9.3", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/livebook-dev/livebook/releases/tag/v0.9.3"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-06T15:14:11.764601Z", "id": "CVE-2023-35174", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-06T15:14:24.752Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/livebook-dev/livebook/security/advisories/GHSA-564w-97r7-c6p9", "name": "https://github.com/livebook-dev/livebook/security/advisories/GHSA-564w-97r7-c6p9", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1", "name": "https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/livebook-dev/livebook/commit/beb10daaadcc765f0380e436bd7cd5f74cf086c8", "name": "https://github.com/livebook-dev/livebook/commit/beb10daaadcc765f0380e436bd7cd5f74cf086c8", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/livebook-dev/livebook/releases/tag/v0.8.2", "name": "https://github.com/livebook-dev/livebook/releases/tag/v0.8.2", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/livebook-dev/livebook/releases/tag/v0.9.3", "name": "https://github.com/livebook-dev/livebook/releases/tag/v0.9.3", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:23:59.573Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-35174", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-06T15:14:11.764601Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-06T15:14:21.184Z"}}], "cna": {"title": "Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows", "source": {"advisory": "GHSA-564w-97r7-c6p9", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "livebook-dev", "product": "livebook", "versions": [{"status": "affected", "version": ">= 0.8.0, < 0.8.2"}, {"status": "affected", "version": ">= 0.9.0, < 0.9.3"}]}], "references": [{"url": "https://github.com/livebook-dev/livebook/security/advisories/GHSA-564w-97r7-c6p9", "name": "https://github.com/livebook-dev/livebook/security/advisories/GHSA-564w-97r7-c6p9", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1", "name": "https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/livebook-dev/livebook/commit/beb10daaadcc765f0380e436bd7cd5f74cf086c8", "name": "https://github.com/livebook-dev/livebook/commit/beb10daaadcc765f0380e436bd7cd5f74cf086c8", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/livebook-dev/livebook/releases/tag/v0.8.2", "name": "https://github.com/livebook-dev/livebook/releases/tag/v0.8.2", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/livebook-dev/livebook/releases/tag/v0.9.3", "name": "https://github.com/livebook-dev/livebook/releases/tag/v0.9.3", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from browser. This vulnerability has been fixed in version 0.8.2 and 0.9.3.\n\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-06-22T13:34:38.492Z"}}}, "cveMetadata": {"cveId": "CVE-2023-35174", "state": "PUBLISHED", "dateUpdated": "2024-12-06T15:14:24.752Z", "dateReserved": "2023-06-14T14:17:52.180Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-06-22T13:34:38.492Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:livebook:livebook:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BFE3DF8-01D2-4B07-A6D3-161E54A3AA22", "versionEndExcluding": "0.8.2", "versionStartIncluding": "0.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:livebook:livebook:*:*:*:*:*:*:*:*", "matchCriteriaId": "1417F052-3C0B-4BF5-AA92-2154895E67DD", "versionEndExcluding": "0.9.3", "versionStartIncluding": "0.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from browser. This vulnerability has been fixed in version 0.8.2 and 0.9.3.\n\n"}], "id": "CVE-2023-35174", "lastModified": "2024-11-21T08:08:05.560", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-22T14:15:09.517", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/livebook-dev/livebook/commit/beb10daaadcc765f0380e436bd7cd5f74cf086c8"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/livebook-dev/livebook/releases/tag/v0.8.2"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/livebook-dev/livebook/releases/tag/v0.9.3"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/livebook-dev/livebook/security/advisories/GHSA-564w-97r7-c6p9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/livebook-dev/livebook/commit/2e11b59f677c6ed3b6aa82dad412a8b3406ffdf1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/livebook-dev/livebook/commit/beb10daaadcc765f0380e436bd7cd5f74cf086c8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/livebook-dev/livebook/releases/tag/v0.8.2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/livebook-dev/livebook/releases/tag/v0.9.3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/livebook-dev/livebook/security/advisories/GHSA-564w-97r7-c6p9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}