RSS reddit | Technical Information Security Content & Discussion

Privilege Escalation With Jupyter From the Command Line

Jupyter is a web-based environment for data science, typically used for code execution and data visualization. The issue described is not a Jupyter vulnerability but a consequence of misconfiguration: running Jupyter with root privileges and without authentication creates a major security risk. The author found a Jupyter server accessible without authentication, enabling unauthorized access. Jupyter's terminal API, normally used for shell access from the browser, became a route to root because of how the server was configured, since it let the attacker interact with the server over terminal WebSockets. Using "websocat," the author could send commands to the terminal and eventually establish a reverse shell. This granted full root access, potentially exposing other users' data on the host. The core problem was a deployment anti-pattern: Jupyter ran as root, with no authentication and with its terminal exposed. The author emphasizes that this is not a Jupyter bug but the result of running a service insecurely, and recommends proper configuration, including not running as root and enabling authentication, along with tools and strategies for managing user access and permissions securely. Jupyter is a valuable tool, but its features can be abused if it is deployed without proper security measures. The author's tooling for the write-up is a client that drops straight into a shell, making the demonstration more robust than hand-driven WebSocket messages.
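The following is an added example, not code from the post or from the Jupyter project, that audits a `jupyter_server_config.py` for the anti-pattern described above (no authentication, bound to all interfaces, terminals enabled, root allowed). It evaluates the config the way Jupyter does, by executing it with a `get_config()` stub, and assumes the classic `c.ServerApp.*` traits (`token`, `password`, `ip`, `allow_root`, `terminals_enabled`); both config texts are constructed samples and the password hash is a placeholder.

```python
"""Audit a jupyter_server_config.py for the root / no-auth / exposed-terminal pattern."""

WEAK_CONFIG = """\
c = get_config()
c.ServerApp.ip = "0.0.0.0"           # reachable from the network
c.ServerApp.token = ""               # empty token disables token auth
c.ServerApp.allow_root = True
c.ServerApp.terminals_enabled = True
"""  # constructed sample, not the post's server

HARDENED_CONFIG = """\
c = get_config()
c.ServerApp.ip = "127.0.0.1"
c.ServerApp.password = "argon2:PLACEHOLDER_HASH"   # placeholder, not a real hash
c.ServerApp.allow_root = False
c.ServerApp.terminals_enabled = False
"""  # constructed sample

class _Section:
    """Records every c.<App>.<trait> = value assignment; unset traits read as None."""
    def __init__(self):
        self.__dict__["values"] = {}
    def __setattr__(self, name, value):
        self.values[name] = value
    def __getattr__(self, name):
        return self.values.get(name)

class _Config:
    """Stub for the object get_config() returns: c.ServerApp, c.IdentityProvider, ..."""
    def __init__(self):
        self.__dict__["sections"] = {}
    def __getattr__(self, name):
        return self.sections.setdefault(name, _Section())

def load_config(text):
    """Execute the config text with a stub get_config(), as Jupyter evaluates the file."""
    cfg = _Config()
    exec(text, {"get_config": lambda: cfg})
    return cfg

def audit(text, uid=None):
    """Return the findings for a config; uid is the server process's user id, if known."""
    app = load_config(text).ServerApp
    findings = []
    if app.token == "" and not app.password:
        findings.append("no authentication: token disabled and no password set")
    if app.ip in ("0.0.0.0", "*", "::"):
        findings.append("bound to all interfaces")
    if app.terminals_enabled is not False:       # Jupyter enables terminals by default
        findings.append("terminal API (WebSocket shell) enabled")
    if app.allow_root or uid == 0:
        findings.append("runs as root or is configured to allow it")
    return findings
```

Run `audit(open("jupyter_server_config.py").read(), os.getuid())` on the account the server runs under; an empty list means none of the four anti-pattern conditions is present.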