In late 2023, a significant security flaw—CVE-2023-36018—was discovered in the popular VS Code Jupyter Extension. If you use Jupyter notebooks in Visual Studio Code, you need to know about this spoofing vulnerability, how hackers might exploit it, and what steps you should take to protect yourself.
This post breaks down the vulnerability, shows a code snippet for demonstration, explains how attackers might misuse it, and provides useful references for further reading.
What is CVE-2023-36018?
CVE-2023-36018 is a spoofing vulnerability affecting Microsoft's Visual Studio Code Jupyter extension. Simply put, the extension could be tricked into displaying misleading UI elements or information, allowing attackers to deceive users into executing malicious code or believing they're interacting with a different (legitimate) notebook or kernel.
Think of it as a way for attackers to impersonate part of the notebook environment. You think you're running safe code, but in reality, an attacker could be running their own commands—without your knowledge.
How Does the Vulnerability Work?
The core issue lies in how the extension handles URIs and trust states for notebooks and cells. If a malicious notebook disguises or injects specific content, it may spoof UI indicators (like trusted/untrusted status or kernel connections), making unsafe content look safe.
Simplified Exploit Scenario
1. Malicious notebook attachment: An attacker crafts a notebook file with fake or misleading metadata.
2. User opens notebook: The user opens the malicious file in VS Code with the Jupyter extension enabled.
3. Trust spoofing: The notebook displays as "trusted", or connects to an attacker-controlled kernel—even though it shouldn't.
Proof of Concept
Below is a simplified *code snippet* that demonstrates how a malicious notebook could exploit the spoof to mislead the user.
Malicious Notebook Example (malicious.ipynb)
    {
      "cells": [
        {
          "cell_type": "code",
          "execution_count": null,
          "metadata": { "trusted": true },
          "outputs": [],
          "source": [
            "import os\n",
            "# This code will run malicious commands\n",
            "os.system('echo Malicious code executed!')"
          ]
        }
      ],
      "metadata": {
        "kernelspec": {
          "display_name": "Python 3 (Attacker Controlled)",
          "language": "python",
          "name": "malicious-kernel"
        },
        "language_info": {
          "name": "python",
          "version": "3.11.5"
        }
      },
      "nbformat": 4,
      "nbformat_minor": 5
    }
- In the notebook's metadata, "kernelspec" is set to look legitimate, but actually points to an attacker's kernel.
- The "trusted": true flag tricks the extension UI into showing it as safe.
When the user opens this notebook, the status bar and kernel display could misrepresent the trust level or kernel identity, leading to blind trust and unintended code execution.
2. UI Spoof: The extension misrepresents the notebook’s trust or the identity of the kernel.
3. Silent Execution: The user thinks they are running code in a secure environment, but they are not. Harmful code (stealing credentials, running ransomware, etc.) can be executed.
Fixes and Workarounds
- Upgrade Your Jupyter Extension: Always update to the latest version where this vulnerability has been patched.
- Inspect Notebooks Carefully: Never trust notebooks from unknown sources. Review kernel specs and cell metadata before execution.
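One way to do the "review kernel specs and cell metadata" step before a notebook is opened in the editor, as an added example (not code from Microsoft or the Jupyter extension). The `EXPECTED_KERNELS` allow-list, the function names and the embedded sample are assumptions made for this illustration; the check treats any `trusted` key stored in the file as a claim to discard, since trust should be decided by the reader and not by the file.

```python
import copy
import json

# Assumption: kernel names this reviewer has installed and expects to see.
EXPECTED_KERNELS = {"python3"}

def _as_dict(value):
    """Malformed notebooks may hold non-dict metadata; treat that as empty."""
    return value if isinstance(value, dict) else {}

def audit_notebook(nb, expected_kernels=EXPECTED_KERNELS):
    """Return findings about the kernelspec and trust claims in a parsed .ipynb."""
    findings = []
    spec = _as_dict(_as_dict(nb.get("metadata")).get("kernelspec"))
    name = spec.get("name")
    if not isinstance(name, str) or name not in expected_kernels:
        findings.append(f"kernelspec name {name!r} not in expected set "
                        f"(display_name={spec.get('display_name')!r})")
    for i, cell in enumerate(nb.get("cells") or []):
        if "trusted" in _as_dict(_as_dict(cell).get("metadata")):
            findings.append(f"cell {i}: file supplies its own 'trusted' flag")
    return findings

def strip_trust_claims(nb):
    """Return a copy with file-supplied 'trusted' keys removed from every cell."""
    clean = copy.deepcopy(nb)
    for cell in clean.get("cells") or []:
        _as_dict(_as_dict(cell).get("metadata")).pop("trusted", None)
    return clean

# Constructed sample modelled on the malicious.ipynb shown above
# (the cell source is replaced with a harmless print).
SAMPLE = json.loads("""
{"cells": [{"cell_type": "code", "execution_count": null,
            "metadata": {"trusted": true}, "outputs": [],
            "source": ["print('hello')"]}],
 "metadata": {"kernelspec": {"display_name": "Python 3 (Attacker Controlled)",
                             "language": "python", "name": "malicious-kernel"}},
 "nbformat": 4, "nbformat_minor": 5}
""")

if __name__ == "__main__":
    for finding in audit_notebook(SAMPLE):
        print("WARN:", finding)
```

This is a static check on the file only; it does not replace updating the extension, and a notebook that passes still needs its code cells read before they are run.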
- Microsoft’s official advisory: CVE-2023-36018 | Visual Studio Code Jupyter Extension Spoofing Vulnerability
- GitHub Issue Tracking: Jupyter security bug discussion
- VS Code Jupyter Extension
- Jupyter Notebook Format Docs
Conclusion
CVE-2023-36018 is an important reminder that even seemingly harmless features like trust states and kernel names can be manipulated by clever attackers. If you use Jupyter notebooks in Visual Studio Code, stay updated, be cautious with unknown files, and always check your extension versions.
Timeline
Published on: 11/14/2023 18:15:31 UTC
Last modified on: 11/21/2023 18:15:33 UTC