CVSS3 base score: 7.6 High
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | LOW |
Availability Impact | LOW |

AI Score | Confidence | EPSS | EPSS Percentile |
---|---|---|---|
7.3 High | Low | 0.001 Low | 28.1% |
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server version. JupyterLab versions 4.1.0b2, 4.0.11, and 3.6.7 are patched. No workaround has been identified; however, users should ensure they upgrade jupyter-server to version 2.7.2 or newer, which includes a redirect vulnerability fix.
Author | Note |
---|---|
sbeattie | code appears to be introduced in jupyter-notebook 7.0; jupyter-server 2.7.2 fix is CVE-2023-39968 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | jupyter-notebook | < any | UNKNOWN |
ubuntu | 20.04 | noarch | jupyter-notebook | < any | UNKNOWN |
ubuntu | 22.04 | noarch | jupyter-notebook | < any | UNKNOWN |
ubuntu | 23.10 | noarch | jupyter-notebook | < any | UNKNOWN |
ubuntu | 24.04 | noarch | jupyter-notebook | < any | UNKNOWN |
github.com/jupyterlab/jupyterlab/commit/19bd9b96cb2e77170a67e43121637d0b5619e8c6
github.com/jupyterlab/jupyterlab/security/advisories/GHSA-44cc-43rp-5947
launchpad.net/bugs/cve/CVE-2024-22421
nvd.nist.gov/vuln/detail/CVE-2024-22421
security-tracker.debian.org/tracker/CVE-2024-22421
www.cve.org/CVERecord?id=CVE-2024-22421