CVSS3: 7.5 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.0004 Low (Percentile: 9.1%)

The Jupyter Server provides the backend for Jupyter web applications.
Jupyter Server on Windows has a vulnerability that lets unauthenticated
attackers leak the NTLMv2 password hash of the Windows user running the
Jupyter server. An attacker can crack this password to gain access to the
Windows machine hosting the Jupyter server, or access other
network-accessible machines or third-party services using that credential.
Alternatively, an attacker can perform an NTLM relay attack, without
cracking the credential, to gain access to other network-accessible
machines. This vulnerability is fixed in 2.14.1.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | jupyter-server | < any | UNKNOWN |
ubuntu | 23.10 | noarch | jupyter-server | < any | UNKNOWN |
ubuntu | 24.04 | noarch | jupyter-server | < any | UNKNOWN |
github.com/jupyter-server/jupyter_server/commit/79fbf801c5908f4d1d9bc90004b74cfaaeeed2df
github.com/jupyter-server/jupyter_server/security/advisories/GHSA-hrw6-wg82-cm62
launchpad.net/bugs/cve/CVE-2024-35178
nvd.nist.gov/vuln/detail/CVE-2024-35178
security-tracker.debian.org/tracker/CVE-2024-35178
www.cve.org/CVERecord?id=CVE-2024-35178