Lucene search

Ubuntu.comUB:CVE-2024-28188

HistoryMay 23, 2024 - 12:00 a.m.

CVE-2024-28188

2024-05-2300:00:00

ubuntu.com

jupyter scheduler

extensions

conda environments

user projects

vulnerability patch

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Jupyter Scheduler is collection of extensions for programming jobs to run
now or run on a schedule. The list of conda environments of
jupyter-scheduler users maybe be exposed, potentially revealing
information about projects that a specific user may be working on. This
vulnerability has been patched in version(s) 1.1.6, 1.2.1, 1.8.2 and 2.5.2.

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchjupyter-server< anyUNKNOWN
ubuntu23.10noarchjupyter-server< anyUNKNOWN
ubuntu24.04noarchjupyter-server< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	jupyter-server	< any	UNKNOWN
ubuntu	23.10	noarch	jupyter-server	< any	UNKNOWN
ubuntu	24.04	noarch	jupyter-server	< any	UNKNOWN

References

github.com/jupyter-server/jupyter-scheduler/security/advisories/GHSA-v9g2-g7j4-4jxc

github.com/jupyter-server/jupyter_server/pull/1392

launchpad.net/bugs/cve/CVE-2024-28188

nvd.nist.gov/vuln/detail/CVE-2024-28188

security-tracker.debian.org/tracker/CVE-2024-28188

www.cve.org/CVERecord?id=CVE-2024-28188

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for UB:CVE-2024-28188