CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
33.4%
jupyter_server is vulnerable to Information Disclosure. An information disclosure flaw exists due to unhandled errors in API requests. While not directly allowing unauthorized access, these errors may leak sensitive path information in responses, potentially revealing sensitive server details to authenticated users with existing execution permissions.
github.com/jupyter-server/jupyter_server/commit/0056c3aa52cbb28b263a7a609ae5f17618b36652
github.com/jupyter-server/jupyter_server/security/advisories/GHSA-h56g-gq9v-vc8r
lists.fedoraproject.org/archives/list/[email protected]/message/62LO7PPIAMLIDEKUOORXLHKLGA6QPL77/
lists.fedoraproject.org/archives/list/[email protected]/message/FG2JWZI5KPUYMDPS53AIFTZJWZD3IT6I/