Jupyter Server Security Vulnerabilities and Issues — Jupyter Server CVE List

Lucene search

JupyterJupyter Server

8 matches found

CVE•added 2022/06/14 9:15 p.m.•821 views

CVE-2022-29241

Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of root_dir that contains the starting user's home directory, then the underlying REST API c...

9CVSS7.5AI score0.00453EPSS

CVE•added 2024/06/06 4:15 p.m.•215 views

CVE-2024-35178

The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows mac...

7.5CVSS7.6AI score0.00725EPSS

CVE•added 2023/08/28 9:15 p.m.•214 views

CVE-2023-40170

jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit 87a49272728 which has...

6.1CVSS5.2AI score0.00827EPSS

CVE•added 2023/08/28 9:15 p.m.•207 views

CVE-2023-39968

jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs....

6.1CVSS5.3AI score0.00396EPSS

CVE•added 2023/12/04 9:15 p.m.•203 views

CVE-2023-49080

The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information....

4.3CVSS4.3AI score0.0031EPSS

CVE•added 2022/03/23 9:15 p.m.•116 views

CVE-2022-24757

The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are reco...

7.5CVSS7.5AI score0.00299EPSS

CVE•added 2020/11/24 9:15 p.m.•70 views

CVE-2020-26232

Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciously crafted links can only be reasonably made for known jupy...

5.5CVSS4.7AI score0.00232EPSS

CVE•added 2020/12/21 6:15 p.m.•66 views

CVE-2020-26275

The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability could cause the jupyter server to redirect the browser to a di...

6.1CVSS6AI score0.00344EPSS