4 matches found
amazon-sagemaker-jupyter-scheduler (>=3.2.1 <=3.2.2), argo-jupyter-scheduler (>=0.0.1 <=2024.6.1rc1) +3 more potentially affected by CVE-2024-28188 via jupyter-scheduler (=2.12.0)
jupyter-scheduler PYPI version =2.12.0 is affected by a known vulnerability. The following packages have a transitive dependency on jupyter-scheduler and may be impacted: - amazon-sagemaker-jupyter-scheduler =3.2.1, =0.0.1, =0.1.0, =1.4.16, =1.2.0, =1.3.11 Source cves: CVE-2024-28188 Source...
CVE-2024-28188
Jupyter Scheduler is collection of extensions for programming jobs to run now or run on a schedule. The list of conda environments of jupyter-scheduler users maybe be exposed, potentially revealing information about projects that a specific user may be working on. This vulnerability has been...
CVE-2024-28188 jupyter-scheduler's endpoint is missing authentication
Jupyter Scheduler is collection of extensions for programming jobs to run now or run on a schedule. The list of conda environments of jupyter-scheduler users maybe be exposed, potentially revealing information about projects that a specific user may be working on. This vulnerability has been...
CVE-2024-28188
The vulnerability CVE-2024-28188 affects the Jupyter Scheduler extension, where an unauthenticated API endpoint can expose the list of Conda environments for a server’s jupyter-scheduler users. Root cause: missing authentication on the runtime_environments endpoint in Jupyter Server. Impact: disc...