Lucene search
PRIOn knowledge basePRION:CVE-2024-22421HistoryJan 19, 2024 - 9:15 p.m.
Design/Logic Flaw
2024-01-1921:15:00
PRIOn knowledge base
www.prio-n.com
5
jupyterlab
design flaw
user tokens
jupyter notebook
security fix
jupyter-server
redirect vulnerability fix
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server version. JupyterLab versions 4.1.0b2, 4.0.11, and 3.6.7 are patched. No workaround has been identified, however users should ensure to upgrade jupyter-server to version 2.7.2 or newer which includes a redirect vulnerability fix.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fedora | eq | 39 | |
| jupyterlab | ge | 4.0.0 | |
| jupyterlab | lt | 4.0.11 | |
| jupyterlab | lt | 3.6.7 | |
| notebook | ge | 7.0.0 | |
| notebook | lt | 7.0.7 |
Related
osv
osv
BIT-jupyter-base-notebook-2024-22421
2024-03-06 10:53:51
JupyterLab vulnerable to potential authentication and CSRF tokens leak
2024-01-19 20:28:10
BIT-jupyter-notebook-2024-22421
2024-03-06 10:53:53
veracode
veracode
Information Disclosure
2024-01-22 05:58:10
cvelist
cvelist
CVE-2024-22421 Potential authentication and CSRF tokens leak in JupyterLab
2024-01-19 20:45:49
nvd
nvd
CVE-2024-22421
2024-01-19 21:15:09
debiancve
debiancve
CVE-2024-22421
2024-01-19 21:15:09
cve
cve
CVE-2024-22421
2024-01-19 21:15:09
github
github
JupyterLab vulnerable to potential authentication and CSRF tokens leak
2024-01-19 20:28:10
openvas
openvas
Fedora: Security Advisory for python-notebook (FEDORA-2024-1673c2696e)
2024-02-02 00:00:00
Fedora: Security Advisory for jupyterlab (FEDORA-2024-1673c2696e)
2024-02-02 00:00:00
ubuntucve
ubuntucve
CVE-2024-22421
2024-01-19 00:00:00
nessus
nessus
Fedora 39 : jupyterlab / python-notebook (2024-1673c2696e)
2024-02-02 00:00:00