CVE-2022-21699Execution with Unnecessary Privileges in Ipython

CWE-250Execution with Unnecessary PrivilegesCWE-279Incorrect Execution-Assigned PermissionsCWE-269Improper Privilege Management10 documents7 sources
Severity
8.8HIGHNVD
CNA8.2
EPSS
1.4%
top 19.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IpythonDebian LinuxFedoraproject Fedora
Timeline
PublishedJan 19
Latest updateMar 15

Description

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages5 packages

CVEListV5ipython/ipython< 5.11+3
NVDipython/ipython6.0.07.16.3+3
PyPIipython/ipython6.0.07.16.3+3
Debianipython/ipython< 7.20.0-1+deb11u1+3
Ubuntuipython/ipython< 1.2.1-2ubuntu0.1~esm1+2

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 34, 35

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

5
OSV
ipython vulnerabilities2023-03-15
GHSA
Execution with Unnecessary Privileges in ipython2022-01-21
OSV
Execution with Unnecessary Privileges in ipython2022-01-21
OSV
CVE-2022-21699: IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python progr2022-01-19
CVEList
Execution with Unnecessary Privileges in ipython2022-01-19

📋Vendor Advisories

2
Ubuntu
IPython vulnerabilities2023-03-15
Debian
CVE-2022-21699: ipython - IPython (Interactive Python) is a command shell for interactive computing in mul...2022

📄Research Papers

2
CTF
Shared / README
CTF
Shared / README
CVE-2022-21699 — Execution with Unnecessary Privileges | cvebase