CVSS3: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score: 7.3 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 20.8%)

JupyterLab is an extensible environment for interactive and reproducible
computing, based on the Jupyter Notebook and Architecture. Exploiting this
vulnerability requires user interaction: the victim must open a malicious
Markdown file using the JupyterLab preview feature. A malicious user can
then access any data that the attacked user has access to, as well as
perform arbitrary requests acting as the attacked user. JupyterLab version
4.0.11 has been patched. Users are advised to upgrade. Users unable to
upgrade should disable the table of contents extension.
Author | Note |
---|---|
sbeattie | introduced in jupyter-notebook 7.0 |
github.com/jupyterlab/jupyterlab/commit/e1b3aabab603878e46add445a3114e838411d2df
github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4m77-cmpx-vjc4
launchpad.net/bugs/cve/CVE-2024-22420
nvd.nist.gov/vuln/detail/CVE-2024-22420
security-tracker.debian.org/tracker/CVE-2024-22420
www.cve.org/CVERecord?id=CVE-2024-22420