Vulnerability Details : CVE-2021-42952
Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services.
Vulnerability category: Execute code
Products affected by CVE-2021-42952
- cpe:2.3:a:zepl:zepl:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-42952
- 0.60%: Probability of exploitation activity in the next 30 days
- ~79%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-42952
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 3.1 | 6.0 | NIST | |
References for CVE-2021-42952
- http://zepl.com
  Zepl – DataRobot Zepl Notebook (Product; Vendor Advisory)
- https://seclists.org/fulldisclosure/2022/Feb/32
  Full Disclosure: Zepl Notebook - Sandbox Escape (Mailing List; Third Party Advisory)