Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2024-28233
HistoryMar 27, 2024 - 7:15 p.m.

CVE-2024-28233

2024-03-2719:15:48
Debian Security Bug Tracker
security-tracker.debian.org
7
jupyterhub
vulnerability
xss
api
server
subdomain
attack
security

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former’s session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API and user’s single-user server. The affected configurations are single-origin JupyterHub deployments and JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server. This vulnerability is fixed in 4.1.0.

OSVersionArchitecturePackageVersionFilename
Debian12alljupyterhub<= 3.0.0+ds1-1jupyterhub_3.0.0+ds1-1_all.deb
Debian999alljupyterhub< 5.0.0+ds1-1jupyterhub_5.0.0+ds1-1_all.deb

Related

osv 3
nvd 1
cve 1
github 1
veracode 1
cvelist 1
ubuntucve 1
ibm 2
osv
osv
BIT-jupyterhub-2024-28233
2024-04-03 10:52:35
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
2024-03-28 17:08:10
CVE-2024-28233
2024-03-27 19:15:48
nvd
nvd
CVE-2024-28233
2024-03-27 19:15:48
cve
cve
CVE-2024-28233
2024-03-27 19:15:48
github
github
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
2024-03-28 17:08:10
veracode
veracode
Cross Site Scripting (XSS)
2024-03-29 14:59:06
cvelist
cvelist
CVE-2024-28233 XSS in JupyterHub via Self-XSS leveraged by Cookie Tossing
2024-03-27 18:16:24
ubuntucve
ubuntucve
CVE-2024-28233
2024-03-27 00:00:00
ibm
ibm
Security Bulletin: IBM Cognos Analytics has addressed security vulnerabilities in JupyterHub, R Programming Language and Apache MINA (CVE-2024-28233, CVE-2024-27322, CVE-2019-0231, CVE-2021-41973)
2024-06-27 22:33:39
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
2024-06-27 22:37:10

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for DEBIANCVE:CVE-2024-28233
osv3nvd1cve1github1veracode1cvelist1ubuntucve1ibm2