CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score
Confidence: High

EPSS
Percentile: 33.4%

The Jupyter Server provides the backend (i.e. the core services, APIs, and
REST endpoints) for Jupyter web applications like Jupyter notebook,
JupyterLab, and Voila. Unhandled errors in API requests coming from an
authenticated user include traceback information, which can include path
information. There is no known mechanism by which to trigger these errors
without authentication, so the paths revealed are not considered
particularly sensitive, given that the requesting user has arbitrary
execution permissions already in the same environment. A fix has been
introduced in commit 0056c3aa52, which no longer includes traceback
information in JSON error responses. For compatibility, the traceback field
is present, but always empty. This commit has been included in version
2.11.2. Users are advised to upgrade. There are no known workarounds for
this vulnerability.
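
A regression check for the behaviour described above, as an added example that is not part of the advisory or of the Jupyter Server code base: it classifies a JSON error body by whether its traceback field is populated and lists any file paths the traceback exposes. The sample bodies, the `message` and `reason` keys and the function names are constructed for illustration; only the `traceback` field and the 2.11.2 threshold come from the text.

```python
import json
import re

FIXED = (2, 11, 2)  # first fixed release, per the advisory text
TB_PATH = re.compile(r'File "([^"]+)"')  # path entries in a Python traceback

# Constructed sample bodies (not captured from a real server).
SAMPLE_UNPATCHED = json.dumps({
    "message": "Unhandled error",
    "reason": None,
    "traceback": 'Traceback (most recent call last):\n'
                 '  File "/opt/example/app/handler.py", line 10, in get\n'
                 'ValueError: boom\n',
})
SAMPLE_PATCHED = json.dumps(
    {"message": "Unhandled error", "reason": None, "traceback": ""})


def audit_error_body(body):
    """Return (status, paths) for one JSON error response body.

    status: "leak" if the traceback field is populated, "clean" if it is
    absent or empty, "not-json" if the body is not a JSON object.
    """
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return "not-json", []
    if not isinstance(doc, dict):
        return "not-json", []
    tb = doc.get("traceback")
    if not tb:
        return "clean", []
    if isinstance(tb, list):  # tolerate a list of traceback lines
        tb = "".join(map(str, tb))
    return "leak", TB_PATH.findall(str(tb))


def is_fixed_version(version):
    """True/False for plain X.Y.Z versions; None when it cannot be decided."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return None  # pre-release or distro suffix: check by hand
    return tuple(int(p) for p in m.groups()) >= FIXED


if __name__ == "__main__":
    for name, body in (("unpatched", SAMPLE_UNPATCHED), ("patched", SAMPLE_PATCHED)):
        print(name, audit_error_body(body))
```

Run it over error bodies recorded from your own deployment's API tests; a "leak" result after upgrading means an unpatched server or a handler that still returns tracebacks.
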
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | jupyter-server | < any | UNKNOWN |
ubuntu | 24.04 | noarch | jupyter-server | < any | UNKNOWN |
github.com/jupyter-server/jupyter_server/commit/0056c3aa52cbb28b263a7a609ae5f17618b36652 (v2.11.2)
github.com/jupyter-server/jupyter_server/security/advisories/GHSA-h56g-gq9v-vc8r
launchpad.net/bugs/cve/CVE-2023-49080
nvd.nist.gov/vuln/detail/CVE-2023-49080
security-tracker.debian.org/tracker/CVE-2023-49080
www.cve.org/CVERecord?id=CVE-2023-49080