Lucene search
+L

4 matches found

vulnersOsv
vulnersOsv
added 2024/05/23 2:0 p.m.4 views

amazon-sagemaker-jupyter-scheduler (>=3.2.1 <=3.2.2), argo-jupyter-scheduler (>=0.0.1 <=2024.6.1rc1) +3 more potentially affected by CVE-2024-28188 via jupyter-scheduler (=2.12.0)

jupyter-scheduler PYPI version =2.12.0 is affected by a known vulnerability. The following packages have a transitive dependency on jupyter-scheduler and may be impacted: - amazon-sagemaker-jupyter-scheduler =3.2.1, =0.0.1, =0.1.0, =1.4.16, =1.2.0, =1.3.11 Source cves: CVE-2024-28188 Source...

5.3CVSS6AI score0.00331EPSS
Exploits0
NVD
NVD
added 2024/05/23 12:15 p.m.32 views

CVE-2024-28188

Jupyter Scheduler is collection of extensions for programming jobs to run now or run on a schedule. The list of conda environments of jupyter-scheduler users maybe be exposed, potentially revealing information about projects that a specific user may be working on. This vulnerability has been...

5.3CVSS5.1AI score0.00331EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/23 11:54 a.m.42 views

CVE-2024-28188 jupyter-scheduler's endpoint is missing authentication

Jupyter Scheduler is collection of extensions for programming jobs to run now or run on a schedule. The list of conda environments of jupyter-scheduler users maybe be exposed, potentially revealing information about projects that a specific user may be working on. This vulnerability has been...

5.3CVSS5.1AI score0.00331EPSS
Exploits0References2
CVE
CVE
added 2024/05/23 11:54 a.m.102 views

CVE-2024-28188

The vulnerability CVE-2024-28188 affects the Jupyter Scheduler extension, where an unauthenticated API endpoint can expose the list of Conda environments for a server’s jupyter-scheduler users. Root cause: missing authentication on the runtime_environments endpoint in Jupyter Server. Impact: disc...

5.3CVSS5AI score0.00331EPSS
Exploits0References2
Rows per page
Query Builder