Github Security Blog
added 2022/06/16 11:13 p.m., 70 views

Jupyter server Token bruteforcing

Affects: Notebook and Lab between 6.4.0 (potentially earlier) and 6.4.11 (currently latest). Jupyter Server =1.16.0. If I am correct about the responsible code it will affect Jupyter-Server 1.17.0 and 2.0.0a0 as well. Description: If notebook server is started with a value of rootdir that contains th...

CVSS 9, AI score 8.9, EPSS 0.00826
Exploits 0, References 6, Affected Software 1
OSV
added 2022/06/14 9:15 p.m., 27 views

PYSEC-2022-211

Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of rootdir that contains the starting user's home directory, then the underlying REST API ca...

CVSS 9, AI score 0.9, EPSS 0.00826
Exploits 0, References 1
UbuntuCve
added 2022/06/14 9:15 p.m., 28 views

CVE-2022-29241

Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of rootdir that contains the starting user's home directory, then the underlying REST API ca...

CVSS 9, AI score 7.2, EPSS 0.00826
Exploits 0, References 2
Prion
added 2022/06/14 9:15 p.m., 17 views

Cross site scripting

Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of rootdir that contains the starting user's home directory, then the underlying REST API ca...

CVSS 9, AI score 8.2, EPSS 0.00826
Exploits 0, References 1, Affected Software 1
CVE
added 2022/06/14 8:40 p.m., 904 views

CVE-2022-29241

CVE-2022-29241 affects Jupyter Server (backend for Jupyter web apps) prior to 1.17.1. If notebook_server is started with root_dir containing the starting user’s home directory, an authenticated user can leak the start-time access token via the REST API by guessing/brute-forcing the server PID. Th...

CVSS 9, AI score 7.5, EPSS 0.00826
Exploits 0, References 1, Affected Software 1
Debian CVE
added 2022/06/14 8:40 p.m., 23 views

CVE-2022-29241

Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of rootdir that contains the starting user's home directory, then the underlying REST API ca...

CVSS 9, AI score 8.5, EPSS 0.00826
Exploits 0
OSV
added 2022/06/14 8:40 p.m., 16 views

CVE-2022-29241 Known or guessable hidden files may be accessed in Jupyter Server

Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of rootdir that contains the starting user's home directory, then the underlying REST API ca...

CVSS 7.1, AI score 8.2, EPSS 0.00826
Exploits 0, References 3
ATTACKERKB
added 2022/06/10 12:15 p.m., 1 view

CVE-2022-32563

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

CVSS 9.8, AI score 7.3, EPSS 0.00745
Exploits 0, References 3
NVD
added 2022/06/08 10:15 a.m., 40 views

CVE-2022-1598

The WPQA Builder WordPress plugin before 5.5, which is a companion to the Discy and Himer, lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site...

CVSS 5.3, EPSS 0.05591
Exploits 2, References 1
Prion
added 2022/06/08 10:15 a.m., 26 views

Authentication flaw

The WPQA Builder WordPress plugin before 5.5, which is a companion to the Discy and Himer, lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site...

CVSS 5, AI score 5.4, EPSS 0.05591
Exploits 2, References 1, Affected Software 1
ATTACKERKB
added 2022/06/06 5:15 p.m., 5 views

CVE-2022-1783

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their...

CVSS 4, AI score 6.4, EPSS 0.0094
Exploits 0, References 4, Affected Software 1
Prion
added 2022/06/06 5:15 p.m., 30 views

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their...

CVSS 4, AI score 3.7, EPSS 0.0094
Exploits 0, References 3, Affected Software 1
UbuntuCve
added 2022/06/06 5:15 p.m., 34 views

CVE-2022-1783

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their...

CVSS 4, AI score 6.5, EPSS 0.0094
Exploits 0, References 2
CVE
added 2022/06/06 5:00 p.m., 2197 views

CVE-2022-1783

CVE-2022-1783 affects GitLab CE/EE across multiple streams: 14.3–14.9.5, 14.10–14.10.4, and 15.0–15.0.1. The issue allows malicious group maintainers to add new project members via the REST API even when a group owner disables such additions. Affected components are GitLab’s group/project members...

CVSS 4, AI score 3.6, EPSS 0.0094
Exploits 0, References 3, Affected Software 1
Debian CVE
added 2022/06/06 5:00 p.m., 39 views

CVE-2022-1783

Removed by vendor...

CVSS 4, AI score 6.6, EPSS 0.0094
Exploits 0
OSV
added 2022/06/06 5:00 p.m., 18 views

CVE-2022-1783

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their...

CVSS 2.7, AI score 6.3, EPSS 0.0094
Exploits 0, References 5
Cvelist
added 2022/06/06 8:51 a.m., 47 views

CVE-2022-1598 WPQA < 5.5 - Unauthenticated Private Message Disclosure

The WPQA Builder WordPress plugin before 5.5, which is a companion to the Discy and Himer, lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site...

AI score 5.7, EPSS 0.05591
Exploits 2, References 1
CVE
added 2022/06/06 8:51 a.m., 2205 views

CVE-2022-1598

The CVE-2022-1598 entry concerns the WPQA Builder WordPress plugin (pre-5.5) with an improper access control in a REST API endpoint, enabling unauthenticated users to view private questions/messages between site users. Affected software: WPQA Builder WordPress plugin prior to version 5.5. Root ca...

CVSS 5.3, AI score 5.4, EPSS 0.05591
Exploits 2, References 1, Affected Software 1
Prion
added 2022/06/03 6:15 a.m., 15 views

Design/Logic Flaw

StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-root user access can injec...

CVSS 9, AI score 8.9, EPSS 0.02091
Exploits 0, References 1, Affected Software 1
Cvelist
added 2022/06/03 5:19 a.m., 28 views

CVE-2022-32268

StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-root user access can injec...

AI score 9.1, EPSS 0.02091
Exploits 0, References 1