Lucene search

K
ubuntucveUbuntu.comUB:CVE-2024-28188
HistoryMay 23, 2024 - 12:00 a.m.

CVE-2024-28188

2024-05-2300:00:00
ubuntu.com
ubuntu.com
2
jupyter scheduler
extensions
conda environments
user projects
vulnerability patch

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

Jupyter Scheduler is collection of extensions for programming jobs to run
now or run on a schedule. The list of conda environments of
jupyter-scheduler users maybe be exposed, potentially revealing
information about projects that a specific user may be working on. This
vulnerability has been patched in version(s) 1.1.6, 1.2.1, 1.8.2 and 2.5.2.

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

Related for UB:CVE-2024-28188