Lucene search

4 matches found

CVE
added 2024/08/08 3:15 p.m. | 269 views

CVE-2024-41942

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that admin:user...

CVSS 7.2 | AI score 7.3 | EPSS 0.00191
CVE
added 2024/03/27 7:15 p.m. | 95 views

CVE-2024-28233

JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API a...

CVSS 8.1 | AI score 7.6 | EPSS 0.00135
CVE
added 2019/03/28 4:29 p.m. | 87 views

CVE-2019-10255

An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affect...

CVSS 6.1 | AI score 6 | EPSS 0.00596
CVE
added 2021/11/04 6:15 p.m. | 64 views

CVE-2021-41247

JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions, users who have multiple JupyterLab tabs open in the same browser session may see incomplete logout from the single-user server, as fresh credentials (for the single-user server only, not the Hub) reinstated ...

CVSS 7.5 | AI score 5.5 | EPSS 0.00173