CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | LOW |
Availability Impact | LOW |

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

AI Score Confidence: Low

EPSS Percentile: 17.7%

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Exploiting this vulnerability requires user interaction: the victim must open a malicious notebook with Markdown cells, or a Markdown file using the JupyterLab preview feature. A malicious user can access any data that the attacked user has access to, as well as perform arbitrary requests acting as the attacked user.

JupyterLab v3.6.8, v4.2.5 and Jupyter Notebook v7.2.2 have been patched to resolve this issue. Users are advised to upgrade.

There is no workaround for the underlying DOM Clobbering susceptibility. However, select plugins can be disabled on deployments which cannot update in a timely fashion to minimise the risk. These are:

1. `@jupyterlab/mathjax-extension:plugin` - users will lose the ability to preview mathematical equations.
2. `@jupyterlab/markdownviewer-extension:plugin` - users will lose the ability to open Markdown previews.
3. `@jupyterlab/mathjax2-extension:plugin` (if installed with the optional `jupyterlab-mathjax2` package) - an older version of the mathjax plugin for JupyterLab 4.x.

To disable these extensions, run the following in bash:

```bash
# Disable the three plugins listed above; the mathjax2 plugin only exists
# when the optional jupyterlab-mathjax2 package is installed.
jupyter labextension disable @jupyterlab/markdownviewer-extension:plugin && \
  jupyter labextension disable @jupyterlab/mathjax-extension:plugin && \
  jupyter labextension disable @jupyterlab/mathjax2-extension:plugin
```

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | jupyter-notebook | < any | UNKNOWN |
ubuntu | 20.04 | noarch | jupyter-notebook | < any | UNKNOWN |
ubuntu | 22.04 | noarch | jupyter-notebook | < any | UNKNOWN |
ubuntu | 24.04 | noarch | jupyter-notebook | < any | UNKNOWN |
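
An added example, not taken from the advisory or from the Jupyter project: a small Python audit that applies the fixed versions and the three mitigation plugins named above to one deployment. It assumes the disabled set comes from a parsed JupyterLab `page_config.json` with a `disabledExtensions` key (dict or legacy list form); the function names, verdict labels and sample data are constructed for illustration, and release lines the page does not name are reported as `unknown`.

```python
import re

# Fixed releases named in the advisory, keyed by (package, major release line).
FIXED = {("jupyterlab", 3): (3, 6, 8), ("jupyterlab", 4): (4, 2, 5),
         ("notebook", 7): (7, 2, 2)}
# Plugins the advisory lists as the interim mitigation.
PLUGINS = ("@jupyterlab/mathjax-extension:plugin",
           "@jupyterlab/markdownviewer-extension:plugin",
           "@jupyterlab/mathjax2-extension:plugin")  # optional jupyterlab-mathjax2

def patch_status(package, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one installed package."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?(.*)$", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    release = tuple(int(g or 0) for g in m.groups()[:3])
    prerelease = bool(re.match(r"\.?(a|b|rc|dev)", m.group(4)))
    fixed = FIXED.get((package, release[0]))
    if fixed is None:
        return "unknown"  # release line not named on the page
    if release < fixed:
        return "vulnerable"
    # A pre-release numbered at or above the fix may predate it: do not trust it.
    return "unknown" if prerelease else "patched"

def disabled_plugins(page_config):
    """Names disabled in a parsed page_config.json (assumed dict or list form)."""
    entry = page_config.get("disabledExtensions", {})
    if isinstance(entry, dict):
        return {name for name, off in entry.items() if off}
    return set(entry)

def audit(versions, page_config, mathjax2_installed=False):
    """Return (verdict, mitigation plugins still enabled) for one deployment."""
    statuses = [patch_status(pkg, ver) for pkg, ver in versions.items()]
    disabled = disabled_plugins(page_config)
    enabled = [p for p in PLUGINS if p not in disabled
               and (mathjax2_installed or "mathjax2" not in p)]
    if "vulnerable" in statuses:
        # Disabling the plugins only reduces risk; the advisory gives no workaround.
        return ("exposed" if enabled else "risk-reduced"), enabled
    return ("review" if "unknown" in statuses else "patched"), enabled

# Constructed sample: an unpatched JupyterLab 4 with only MathJax disabled.
SAMPLE_CONFIG = {"disabledExtensions": {"@jupyterlab/mathjax-extension:plugin": True}}
if __name__ == "__main__":
    print(audit({"jupyterlab": "4.2.4", "notebook": "7.2.2"}, SAMPLE_CONFIG))
```

A `risk-reduced` verdict still calls for an upgrade, since the advisory states that disabling plugins only minimises the risk.
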