CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-39286 – Execution with Unnecessary Privileges in JupyterApp
https://notcve.org/view.php?id=CVE-2022-39286
26 Oct 2022 — Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds. • https://github.com/jupyter/jupyter_core/commit/1118c8ce01800cb689d51f655f5ccef19516e283 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-32862 – nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths
https://notcve.org/view.php?id=CVE-2021-32862
18 Aug 2022 — The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (eg: nbviewer). GitHub Security Lab detectó dieciséis formas de explotar una vulnerabilidad de tipo cross-site scripting en nbconvert. Cuando es usado nbconvert para ge... • https://github.com/jupyter/nbconvert/security/advisories/GHSA-9jmq-rx5f-8jwq • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29241 – Known or guessable hidden files may be accessed in Jupyter Server
https://notcve.org/view.php?id=CVE-2022-29241
14 Jun 2022 — Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of `root_dir` that contains the starting user's home directory, then the underlying REST API can be used to leak the access token assigned at start time by guessing/brute forcing the PID of the jupyter server. While this requires an authenticated user session, this URL can be used from a cross-site scrip... • https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-q874-g24w-4q9g • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29238 – Forced Browsing in Jupyter Notebook
https://notcve.org/view.php?id=CVE-2022-29238
14 Jun 2022 — Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories (i.e. hidden files were 'hidden' but not 'inaccessible'). This could lead to notebook configurations allowing authenticated access to files that may reasonably be expected to be disallowed.... • https://github.com/jupyter/notebook/security/advisories/GHSA-v7vq-3x77-87vg • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31027 – Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator in oauthenticator
https://notcve.org/view.php?id=CVE-2022-31027
06 Jun 2022 — OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps configuration trait of CILogonOAuthenticator is documented to be a list of domains that indicate the institutions whose users are authorized to access this JupyterHub. This authorization is validated by ensuring that the ... • https://github.com/jupyterhub/oauthenticator/security/advisories/GHSA-r7v4-jwx9-wx43 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24758 – Insertion of Sensitive Information into Log File affects Jupyter Notebook
https://notcve.org/view.php?id=CVE-2022-24758
31 Mar 2022 — The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter notebook version 6.4.x contains a pa... • https://github.com/jupyter/notebook/security/advisories/GHSA-m87f-39q9-6f55 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24757 – Sensitive Auth & Cookie data stored in Jupyter server logs
https://notcve.org/view.php?id=CVE-2022-24757
23 Mar 2022 — The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyte... • https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-21697 – SSRF vulnerability (requires authentication)
https://notcve.org/view.php?id=CVE-2022-21697
25 Jan 2022 — Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is affected. A lack of input validation allows authenticated clients to proxy requests to other hosts, bypassing the `allowed_hosts` check. Because authentication is required, which already grants permissions to make the same requests vi... • https://github.com/jupyterhub/jupyter-server-proxy/commit/fd31930bacd12188c448c886e0783529436b99eb • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41247 – incomplete logout in JupyterHub
https://notcve.org/view.php?id=CVE-2021-41247
04 Nov 2021 — JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials (for the single-user server only, not the Hub) reinstated after logout, if another active JupyterLab session is open while the logout takes place. Upgrade to JupyterHub 1.5. For distributed deployments, it is jupyterhub in the _user_ environment that needs patching. Ther... • https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27 • CWE-613: Insufficient Session Expiration •
CVSS: 8.7EPSS: 0%CPEs: 7EXPL: 0CVE-2021-41134 – Stored XSS in Jupyter nbdime
https://notcve.org/view.php?id=CVE-2021-41134
03 Nov 2021 — nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting (XSS) issue exists within the Jupyter-owned nbdime project. It appears that when reading the file name and path from disk, the extension does not sanitize the string it constructs before returning it to be displayed. The diffNotebookCheckpoint function within nbdime causes this issue. When attempting to display the name of the local notebook (diffNotebookCheckpoint), nbdime appears to simpl... • https://github.com/jupyter/nbdime/commit/e44a5cc7677f24b45ebafc756db49058c2f750ea • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •