Coordinated Disclosure Timeline
- 2024-06-26: Report sent through GitHub's PVR.
- 2024-06-28: Vulnerable workflow traced to the extension-template repository; other JupyterLab repositories found to be affected as well.
- 2024-07-16: Advisory published.
Summary
JupyterLab is vulnerable to checkout and execution of untrusted code in its GitHub workflows, allowing an attacker to gain write access to the repository and read its secrets.
Project
JupyterLab
Tested Version
Latest commit at the time of writing
Details
Issue 1: Checkout of untrusted code in galata-update.yml#update-galata-snapshots (GHSL-2024-138)
The issue_comment trigger event used in galata-update.yml can be fired by an external actor: anyone can open a PR containing arbitrary code and then comment on it to start the workflow. Because the workflow runs in the context of the base repository, it receives a write-capable GITHUB_TOKEN and access to repository secrets regardless of who triggered it.
The update-galata-snapshots job explicitly checks out potentially untrusted code from the pull request that was commented on and runs it.
    - name: Checkout the branch from the PR that triggered the job
      run: gh pr checkout ${{ github.event.issue.number }}
    ...
    - name: Install dependencies
      run: |
        bash ./scripts/ci_install.sh
By explicitly checking out and running the ci_install.sh script from a fork, the untrusted code runs in an environment that can write to the repository and access its secrets. See Preventing pwn requests for more information.
An attacker could open a pull request with a malicious ./scripts/ci_install.sh, which would gain access to the privileged GITHUB_TOKEN and could use it to modify JupyterLab code.
This vulnerability was found using the Checkout of untrusted code in trusted context CodeQL query.
Issue 2: Checkout of untrusted code in galata-update.yml#update-documentation-snapshots (GHSL-2024-144)
The update-documentation-snapshots job in the same workflow is vulnerable in the same way: it explicitly checks out potentially untrusted code from the pull request that was commented on and runs it.
    - name: Checkout the branch from the PR that triggered the job
      working-directory: core
      run: gh pr checkout ${{ github.event.issue.number }}
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    ...
    - name: Install dependencies
      working-directory: core
      run: |
        set -ex
        # Install Chinese font
        sudo apt-get update
        sudo apt-get install fonts-dejavu fonts-noto
        # Freeze the packages to ensure consistent look and feel
        # IPython is frozen because its version is displayed in
        # the console header
        pip install .[docs-screenshots]
        bash ./scripts/ci_install.sh
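Both issues share one root cause: an issue_comment-triggered job that anyone can fire checks out and executes pull-request code while holding a write-capable GITHUB_TOKEN. The fragment below is an added example, not JupyterLab's workflow or the fix the project shipped; it sketches how such a job can be hardened. The workflow name, the "/update-snapshots" slash command, the job name and the script path are assumptions made for illustration.

```yaml
# Added example (not JupyterLab's workflow): hardened sketch of the
# issue_comment pattern described in Issues 1 and 2. Names, the slash
# command and the script path are assumptions.
name: Update snapshots

on:
  issue_comment:
    types: [created]

# Least privilege by default: no job gets a write-capable GITHUB_TOKEN
# unless it asks for one explicitly.
permissions: {}

jobs:
  update-snapshots:
    # Gate the job. The comment must be on a pull request, must contain the
    # command, and must come from an account whose association with the
    # repository is OWNER, MEMBER or COLLABORATOR. Anyone can open a PR and
    # comment on it, so without this check an external actor reaches the
    # privileged steps below.
    if: >-
      github.event.issue.pull_request &&
      contains(github.event.comment.body, '/update-snapshots') &&
      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'),
               github.event.comment.author_association)
    runs-on: ubuntu-latest
    permissions:
      contents: write       # needed to push the regenerated snapshots
      pull-requests: read   # needed by `gh pr checkout`
    steps:
      - uses: actions/checkout@v4

      - name: Checkout the branch from the PR that triggered the job
        run: gh pr checkout ${{ github.event.issue.number }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # The PR's own scripts still execute here with a write token, so the
      # gate above is only as strong as the maintainer who typed the command:
      # review the PR's scripts/ changes before issuing it.
      - name: Install dependencies
        run: bash ./scripts/ci_install.sh
```

Two caveats a practitioner should keep in mind. First, author_association is MEMBER for any member of the owning organization, whether or not they have write access to this repository; a stricter gate queries the collaborator permission level through the REST API before checking out. Second, the gate does not change what runs: once a maintainer issues the command, the fork's ci_install.sh still executes with a write token and whatever secrets the job references. The stronger design is to run the checkout and any build steps from the PR in a job with `permissions: contents: read` and no secrets, hand the produced snapshots to a second job as an artifact, and let only that second job, which checks out trusted code from the base branch, hold write permission.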
CVE
- CVE-2024-39700
Resources
- https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-vxc4-w8qq-4c2g
- https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-5j4v-pr82-qg68
Impact
Running untrusted code with a privileged repository token and access to secrets may lead to unauthorized modification of the repository or exfiltration of its secrets.
Credit
This issue was discovered and reported by GHSL team member @pwntester (Alvaro Muñoz).
Contact
You can contact the GHSL team at securitylab@github.com; please include a reference to GHSL-2024-138 and GHSL-2024-144 in any communication regarding this issue.