Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2023-49080
HistoryDec 04, 2023 - 12:00 a.m.

CVE-2023-49080

2023-12-0400:00:00
ubuntu.com
ubuntu.com
9
jupyter server
backend services
unhandled errors
json responses
authentication
upgrade
vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

33.4%

JSON

The Jupyter Server provides the backend (i.e. the core services, APIs, and
REST endpoints) for Jupyter web applications like Jupyter notebook,
JupyterLab, and Voila. Unhandled errors in API requests coming from an
authenticated user include traceback information, which can include path
information. There is no known mechanism by which to trigger these errors
without authentication, so the paths revealed are not considered
particularly sensitive, given that the requesting user has arbitrary
execution permissions already in the same environment. A fix has been
introduced in commit 0056c3aa52 which no longer includes traceback
information in JSON error responses. For compatibility, the traceback field
is present, but always empty. This commit has been included in version
2.11.2. Users are advised to upgrade. There are no known workarounds for
this vulnerability.

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchjupyter-server< anyUNKNOWN
ubuntu24.04noarchjupyter-server< anyUNKNOWN

Related

fedora 2
nessus 2
veracode 1
github 1
prion 1
cvelist 1
nvd 1
debiancve 1
osv 2
openvas 2
cve 1
fedora
fedora
[SECURITY] Fedora 39 Update: python-jupyter-server-2.7.2-2.fc39
2023-12-14 01:33:27
[SECURITY] Fedora 38 Update: python-jupyter-server-2.1.0-3.fc38
2023-12-14 01:52:42
nessus
nessus
Fedora 38 : python-jupyter-server (2023-8816029058)
2023-12-14 00:00:00
Fedora 39 : python-jupyter-server (2023-5beead493f)
2023-12-14 00:00:00
veracode
veracode
Information Disclosure
2023-12-05 07:03:48
github
github
jupyter-server errors include tracebacks with path information
2023-12-05 18:15:02
prion
prion
Design/Logic Flaw
2023-12-04 21:15:00
cvelist
cvelist
CVE-2023-49080 Jupyter Server errors include tracebacks with path information
2023-12-04 21:00:59
nvd
nvd
CVE-2023-49080
2023-12-04 21:15:34
debiancve
debiancve
CVE-2023-49080
2023-12-04 21:15:34
osv
osv
jupyter-server errors include tracebacks with path information
2023-12-05 18:15:02
CVE-2023-49080
2023-12-04 21:15:34
openvas
openvas
Fedora: Security Advisory (FEDORA-2023-5beead493f)
2023-12-14 00:00:00
Fedora: Security Advisory for python-jupyter-server (FEDORA-2023-8816029058)
2023-12-14 00:00:00
cve
cve
CVE-2023-49080
2023-12-04 21:15:34

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

33.4%

JSON
Related for UB:CVE-2023-49080
fedora2nessus2veracode1github1prion1cvelist1nvd1debiancve1osv2openvas2cve1