CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28179 – Jupyter Server Proxy's Websocket Proxying does not require authentication
https://notcve.org/view.php?id=CVE-2024-28179
Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Prior to versions 3.2.3 and 4.1.1, Jupyter Server Proxy did not check user authentication appropriately when proxying websockets, allowing unauthenticated access to anyone who had network access to the Jupyter server endpoint. This vulnerability can allow unauthenticated remote access to any websocket endpoint set up to be accessible via Jupyter Server Proxy. In many cases, this leads to remote unauthenticated arbitrary code execution, due to how affected instances use websockets. The websocket endpoints exposed by `jupyter_server` itself is not affected. • https://github.com/jupyterhub/jupyter-server-proxy/blob/9b624c4d9507176334b46a85d94a4aa3bcd29bed/jupyter_server_proxy/handlers.py#L433 https://github.com/jupyterhub/jupyter-server-proxy/commit/764e499f61a87641916a7a427d4c4b1ac3f321a9 https://github.com/jupyterhub/jupyter-server-proxy/commit/bead903b7c0354b6efd8b4cde94b89afab653e03 https://github.com/jupyterhub/jupyter-server-proxy/security/advisories/GHSA-w3vc-fx9p-wp4v • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41194 – Improper Access Control in jupyterhub-firstuseauthenticator
https://notcve.org/view.php?id=CVE-2021-41194
FirstUseAuthenticator is a JupyterHub authenticator that helps new users set their password on their first login to JupyterHub. When JupyterHub is used with FirstUseAuthenticator, a vulnerability in versions prior to 1.0.0 allows unauthorized access to any user's account if `create_users=True` and the username is known or guessed. One may upgrade to version 1.0.0 or apply a patch manually to mitigate the vulnerability. For those who cannot upgrade, there is no complete workaround, but a partial mitigation exists. One can disable user creation with `c.FirstUseAuthenticator.create_users = False`, which will only allow login with fully normalized usernames for already existing users prior to jupyterhub-firstuserauthenticator 1.0.0. • https://github.com/jupyterhub/firstuseauthenticator/pull/38 https://github.com/jupyterhub/firstuseauthenticator/pull/38.patch https://github.com/jupyterhub/firstuseauthenticator/security/advisories/GHSA-5xvc-vgmp-jgc3 • CWE-284: Improper Access Control •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39160 – Code injection in nbgitpuller
https://notcve.org/view.php?id=CVE-2021-39160
nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade. No work around exist for users who can not upgrade. nbgitpuller es una extensión del servidor Jupyter para sincronizar un repositorio git de forma unidireccional a una ruta local. Debido a una entrada no saneada, visitar enlaces maliciosamente diseñados podría resultar en una ejecución de código arbitrario en el entorno del usuario. • https://github.com/jupyterhub/nbgitpuller/blob/main/CHANGELOG.md#0102---2021-08-25 https://github.com/jupyterhub/nbgitpuller/commit/07690644f29a566011dd0d7ba14cae3eb0490481 https://github.com/jupyterhub/nbgitpuller/security/advisories/GHSA-mq5p-2mcr-m52j • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26261 – user-readable api tokens in systemd units
https://notcve.org/view.php?id=CVE-2020-26261
jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15 jupyterhub-systemdspawner permite que JupyterHub genere servidores de portátiles de un solo usuario utilizando systemd. • https://github.com/jupyterhub/systemdspawner/blob/master/CHANGELOG.md#v015 https://github.com/jupyterhub/systemdspawner/commit/a4d08fd2ade1cfd0ef2c29dc221e649345f23580 https://github.com/jupyterhub/systemdspawner/security/advisories/GHSA-cg54-gpgr-4rm6 https://pypi.org/project/jupyterhub-systemdspawner • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15110 – Possible pod name collisions in jupyterhub-kubespawner
https://notcve.org/view.php?id=CVE-2020-15110
In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12. En jupyterhub-kubespawner versiones anteriores a 0.12, determinados nombres de usuario serán capaces de diseñar nombres de servidores particulares que les otorgarán acceso al servidor predeterminado de otros usuarios que presentan nombres de usuario coincidentes. Esto ha sido corregido en la versión 0.12 • https://github.com/jupyterhub/kubespawner/commit/3dfe870a7f5e98e2e398b01996ca6b8eff4bb1d0 https://github.com/jupyterhub/kubespawner/security/advisories/GHSA-v7m9-9497-p9gr • CWE-863: Incorrect Authorization •