HIGH🇵🇱 Wersja polska

CVE-2022-24758

CVSS 7.5v3.1pub. 2022-03-31upd. 2024-11-21

The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter notebook version 6.4.x contains a patch for this issue. There are currently no known workarounds.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Jupyter Notebook

    APP
    Jupyter
    < 6.4.10
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-32798CRITICAL10.0ten sam produkt

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untru...

CVE-2026-42557HIGH8.6ten sam produkt

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Noteb...

CVE-2024-43805HIGH7.6ten sam produkt

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Noteb...

CVE-2024-22421HIGH7.6ten sam produkt

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Noteb...

CVE-2018-8768HIGH7.8ten sam produkt

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaSc...