CVE-2022-24757 – Sensitive Auth & Cookie data stored in Jupyter server logs
https://notcve.org/view.php?id=CVE-2022-24757
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Any time a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Because these logs do not require root access to read, an attacker can monitor them, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter Server version 1.15.4 contains a patch for this issue.
References:
https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a
https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr
CWE-532: Insertion of Sensitive Information into Log File
CVE-2022-21697 – SSRF vulnerability (requires authentication)
https://notcve.org/view.php?id=CVE-2022-21697
Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with the jupyter-proxy-server extension enabled is affected. A lack of input validation allows authenticated clients to proxy requests to other hosts, bypassing the `allowed_hosts` check. Because authentication is required, and an authenticated user can already make the same requests via kernel or terminal execution, this is considered low to moderate severity.
References:
https://github.com/jupyterhub/jupyter-server-proxy/commit/fd31930bacd12188c448c886e0783529436b99eb
https://github.com/jupyterhub/jupyter-server-proxy/compare/v3.2.0...v3.2.1.patch
https://github.com/jupyterhub/jupyter-server-proxy/security/advisories/GHSA-gcv9-6737-pjqw
CWE-918: Server-Side Request Forgery (SSRF)
CVE-2020-26275 – Open redirect vulnerability
https://notcve.org/view.php?id=CVE-2020-26275
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability could cause the Jupyter server to redirect the browser to a different, malicious website. All Jupyter servers running without a base_url prefix are technically affected; however, these maliciously crafted links can only be reasonably made for known Jupyter server hosts. A link to your Jupyter server may *appear* safe, but ultimately redirect to a spoofed server on the public internet. This same vulnerability was patched in upstream notebook v5.7.8.
References:
https://advisory.checkmarx.net/advisory/CX-2020-4291
https://github.com/jupyter-server/jupyter_server/commit/85e4abccf6ea9321d29153f73b0bd72ccb3a6bca
https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-9f66-54xg-pc2c
https://pypi.org/project/jupyter-server
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-26232 – Open redirect in Jupyter Server
https://notcve.org/view.php?id=CVE-2020-26232
Jupyter Server before version 1.0.6 has an open redirect vulnerability. A maliciously crafted link to a Jupyter server could redirect the browser to a different website. All Jupyter servers are technically affected; however, these maliciously crafted links can only be reasonably made for known Jupyter server hosts. A link to your Jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet.
References:
https://github.com/jupyter-server/jupyter_server/blob/master/CHANGELOG.md#106---2020-11-18
https://github.com/jupyter-server/jupyter_server/commit/3d83e49090289c431da253e2bdb8dc479cbcb157
https://github.com/jupyter/jupyter_server/security/advisories/GHSA-grfj-wjv9-4f9v
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')