Skip to main content

Notebook CVE-2022-29238

MEDIUM
Direct Request ('Forced Browsing') (CWE-425)
2022-06-14 security-advisories@github.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 14, 2022 - 18:15 nvd
MEDIUM 4.3

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 20 pypi packages depend on notebook (20 direct, 0 indirect)

Ecosystem-wide dependent count for version 6.4.12.

DescriptionNVD

Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with ContentsManager.allow_hidden = False only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories (i.e. hidden files were 'hidden' but not 'inaccessible'). This could lead to notebook configurations allowing authenticated access to files that may reasonably be expected to be disallowed. Because fully authenticated requests are required, this is of relatively low impact. But if a server's root directory contains sensitive files whose only protection from the server is being hidden (e.g. ~/.ssh while serving $HOME), then any authenticated requests could access files if their names are guessable. Such contexts also necessarily have full access to the server and therefore execution permissions, which also generally grants access to all the same files. So this does not generally result in any privilege escalation or increase in information access, only an additional, unintended means by which the files could be accessed. Version 6.4.12 contains a patch for this issue. There are currently no known workarounds.

AnalysisAI

Jupyter Notebook is a web-based notebook environment for interactive computing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-425. Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with ContentsManager.allow_hidden = False only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories (i.e. hidden files were 'hidden' but not 'inaccessible'). This could lead to notebook configurations allowing authenticated access to files that may reasonably be expected to be disallowed. Because fully authenticated requests are required, this is of relatively low impact. But if a server's root directory contains sensitive files whose only protection from the server is being hidden (e.g. ~/.ssh while serving $HOME), then any authenticated requests could access files if their names are guessable. Such contexts also necessarily have full access to the server and therefore execution permissions, which also generally grants access to all the same files. So this does not generally result in any privilege escalation or increase in information access, only an additional, unintended means by which the files could be accessed. Version 6.4.12 contains a patch for this issue. There are currently no known workarounds. Affected products include: Jupyter Notebook. Version information: version 6.4.12.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-32798 CRITICAL POC
9.6 Aug 09

The Jupyter notebook is a web-based notebook environment for interactive computing. Rated critical severity (CVSS 9.6),

CVE-2019-10856 MEDIUM POC
6.1 Apr 04

In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. Rated medium severity (CVSS 6.1), this

CVE-2015-6938 MEDIUM POC
4.3 Sep 21

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2

CVE-2018-8768 HIGH
7.8 Mar 18

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in th

CVE-2022-24758 HIGH
7.5 Mar 31

The Jupyter notebook is a web-based notebook environment for interactive computing. Rated high severity (CVSS 7.5), this

CVE-2015-7337 MEDIUM
6.8 Sep 29

The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute a

CVE-2024-22421 MEDIUM
6.5 Jan 19

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Ar

CVE-2024-43805 MEDIUM
6.1 Aug 28

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Archit

CVE-2024-22420 MEDIUM
6.1 Jan 19

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Ar

CVE-2020-26215 MEDIUM
6.1 Nov 18

Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnera

CVE-2019-10255 MEDIUM
6.1 Mar 28

An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in

CVE-2018-19352 MEDIUM
6.1 Nov 18

Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js ha

Share

CVE-2022-29238 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy