CVE-2022-21699

Summary

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.

Affected Software

VendorProductVersion RangeStatus
ipythonipython< 5.11affected
ipythonipython>= 6.0.0, < 7.16.3affected
ipythonipython>= 7.17.0, < 7.31.1affected
ipythonipython>= 8.0.0, < 8.0.1affected

Weaknesses

  • CWE-250: CWE-250: Execution with Unnecessary Privileges
  • CWE-279: CWE-279: Incorrect Execution-Assigned Permissions

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References