CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

31 matches found

OSV•added 2024/03/06 10:54 a.m.•26 views

BIT-JUPYTERLAB-2024-22421 Potential authentication and CSRF tokens leak in JupyterLab

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server...

7.6CVSS6.8AI score0.00138EPSS

Exploits0References4

OSV•added 2024/03/06 10:53 a.m.•25 views

BIT-JUPYTER-NOTEBOOK-2024-22421 Potential authentication and CSRF tokens leak in JupyterLab

7.6CVSS6.8AI score0.00138EPSS

Exploits0References4

OSV•added 2024/03/06 10:53 a.m.•26 views

BIT-JUPYTER-BASE-NOTEBOOK-2024-22421 Potential authentication and CSRF tokens leak in JupyterLab

7.6CVSS6.8AI score0.00138EPSS

Exploits0References4

Tenable Nessus•added 2024/02/02 12:0 a.m.•41 views

Fedora 39 : jupyterlab / python-notebook (2024-1673c2696e)

The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-1673c2696e advisory. Update of jupyterlab and notebook including fix for CVE-2024-22420 . Tenable has extracted the preceding description block directly from the Fedora...

7.6CVSS6.7AI score0.00343EPSS

Exploits0References3

NVD•added 2024/01/19 9:15 p.m.•20 views

CVE-2024-22421

7.6CVSS7.5AI score0.00138EPSS

Exploits0References3

UbuntuCve•added 2024/01/19 9:15 p.m.•38 views

CVE-2024-22421

7.6CVSS6.7AI score0.00138EPSS

Exploits0References3

Prion•added 2024/01/19 9:15 p.m.•15 views

Design/Logic Flaw

4.3CVSS7AI score0.00138EPSS

Exploits0References3Affected Software3

CVE•added 2024/01/19 8:45 p.m.•75 views

CVE-2024-22421

CVE-2024-22421 affects JupyterLab and relates to a redirect vulnerability in older jupyter-server versions. If a user clicks a malicious link, their Authorization and XSRFToken can be exposed to a third party when running vulnerable jupyter-server. Affected JupyterLab releases are 4.1.0b2, 4.0.11...

7.6CVSS6.2AI score0.00138EPSS

Exploits0References3Affected Software2

Debian CVE•added 2024/01/19 8:45 p.m.•21 views

CVE-2024-22421

7.6CVSS6.9AI score0.00138EPSS

Exploits0

OSV•added 2024/01/19 8:45 p.m.•20 views

CVE-2024-22421 Potential authentication and CSRF tokens leak in JupyterLab

7.6CVSS6.8AI score0.00138EPSS

Exploits0References5

Prion•added 2024/01/18 9:15 p.m.•14 views

Design/Logic Flaw

jupyter-lsp is a coding assistance tool for JupyterLab code navigation + hover suggestions + linters + autocompletion + rename using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control on the operating system level, and with...

7.5CVSS7.1AI score0.00167EPSS

Exploits0References2Affected Software1

CVE•added 2024/01/18 8:27 p.m.•323 views

CVE-2024-22415

CVE-2024-22415 relates to the jupyter-lsp server extension for JupyterLab. The vulnerability stems from unsecured endpoints that, when the jupyter-server is exposed to untrusted networks, permit unauthorised access and modification of files outside the jupyter root. Fix: upgrade to version 2.2.2 ...

9.8CVSS9.3AI score0.00167EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2024/01/18 8:27 p.m.•16 views

CVE-2024-22415 Unsecured endpoints in the jupyter-lsp server extension

7.3CVSS7.1AI score0.00167EPSS

Exploits0References2

OSV•added 2023/12/05 6:15 p.m.•23 views

GHSA-H56G-GQ9V-VC8R jupyter-server errors include tracebacks with path information

Impact Unhandled errors in API requests include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has...

4.3CVSS4.2AI score0.00237EPSS

Exploits0References7

NVD•added 2023/08/28 9:15 p.m.•20 views

CVE-2023-39968

jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URL...

6.1CVSS5.5AI score0.0048EPSS

Exploits0References4

NVD•added 2023/08/28 9:15 p.m.•17 views

CVE-2023-40170

jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit 87a49272728 which h...

6.1CVSS5.3AI score0.00722EPSS

Exploits0References4

OSV•added 2023/08/28 9:15 p.m.•21 views

PYSEC-2023-157

6.1CVSS7AI score0.00722EPSS

Exploits0References2

OSV•added 2023/08/28 9:15 p.m.•30 views

PYSEC-2023-155

6.1CVSS7.2AI score0.0048EPSS

Exploits0References2

UbuntuCve•added 2023/08/28 9:15 p.m.•18 views

CVE-2023-40170