CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30167 – Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-30167
03 Jun 2025 — Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. ... • https://github.com/jupyter/jupyter_core/security/advisories/GHSA-33p9-3p43-82vq • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-39286 – Execution with Unnecessary Privileges in JupyterApp
https://notcve.org/view.php?id=CVE-2022-39286
26 Oct 2022 — Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds. • https://github.com/jupyter/jupyter_core/commit/1118c8ce01800cb689d51f655f5ccef19516e283 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management CWE-427: Uncontrolled Search Path Element •