Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-40170

Published: 28/08/2023 Updated: 15/09/2023
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

jupyter jupyter server

Vendor Advisories

Debian CVElist Bug Report Logs: jupyter-server: CVE-2023-40170
Debian Bug report logs - #1057097 jupyter-server: CVE-2023-40170 Package: src:jupyter-server; Maintainer for src:jupyter-server is Debian Python Team <team+python@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 29 Nov 2023 16:45:01 UTC Severity: important Tags: security, upstream ...

References

CWE-284CWE-306https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-64x5-55rw-9974https://github.com/jupyter-server/jupyter_server/commit/87a4927272819f0b1cae1afa4c8c86ee2da002fdhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057097https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248CVE-2024-3110CVE-2024-5552CVE-2024-29415HTML injectionCVE-2024-3095TCPtype confusionCVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook