Jupyter Server
CVE-2022-29241
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of root_dir that contains the starting user's home directory, then the underlying REST API can be used to leak the access token assigned at start time by guessing/brute forcing the PID of the jupyter server. While this requires an authenticated user session, this URL can be used from a cross-site scripting payload or from a hooked or otherwise compromised browser to leak this access token to a malicious third party. This token can be used along with the REST API to interact with Jupyter services/notebooks such as modifying or overwriting critical files, such as .bashrc or .ssh/authorized_keys, allowing a malicious user to read potentially sensitive data and possibly gain control of the impacted system. This issue is patched in version 1.17.1.
AnalysisAI
Jupyter Server provides the backend (i.e. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of root_dir that contains the starting user's home directory, then the underlying REST API can be used to leak the access token assigned at start time by guessing/brute forcing the PID of the jupyter server. While this requires an authenticated user session, this URL can be used from a cross-site scripting payload or from a hooked or otherwise compromised browser to leak this access token to a malicious third party. This token can be used along with the REST API to interact with Jupyter services/notebooks such as modifying or overwriting critical files, such as .bashrc or .ssh/authorized_keys, allowing a malicious user to read potentially sensitive data and possibly gain control of the impacted system. This issue is patched in version 1.17.1. Affected products include: Jupyter Jupyter Server. Version information: version 1.17.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
More in Jupyter Server
View allThe Jupyter Server provides the backend (i.e. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitab
The Jupyter Server provides the backend for Jupyter web applications. Rated high severity (CVSS 7.5), this vulnerability
The Jupyter Server provides the backend (i.e. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable
jupyter-server is the backend for Jupyter web applications. Rated medium severity (CVSS 6.1), this vulnerability is remo
jupyter-server is the backend for Jupyter web applications. Rated medium severity (CVSS 6.1), this vulnerability is remo
Jupyter Server before version 1.0.6 has an Open redirect vulnerability. Rated medium severity (CVSS 5.4), this vulnerabi
The Jupyter Server provides the backend (i.e. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitab
Same weakness CWE-200 – Information Exposure
View allShare
External POC / Exploit Code
Leaving vuln.today