CVE-2022-24758

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-24758

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24758.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-24758

Aliases

Related

Published

2022-03-31T23:15:07Z

Modified

2024-09-11T04:52:56.628409Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter notebook version 6.4.x contains a patch for this issue. There are currently no known workarounds.

References

Affected packages

Debian:11 / jupyter-notebook

Package

Name: jupyter-notebook
Purl: pkg:deb/debian/jupyter-notebook?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.2.0-1

6.4.3-1

6.4.4-1

6.4.5-1

6.4.5-2

6.4.5-3

6.4.5-4

6.4.8-1

6.4.8-2

6.4.12-1

6.4.12-2

6.4.12-2.1

6.4.12-2.2

6.4.13-1

6.4.13-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / jupyter-notebook

Package

Name: jupyter-notebook
Purl: pkg:deb/debian/jupyter-notebook?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / jupyter-notebook

Package

Name: jupyter-notebook
Purl: pkg:deb/debian/jupyter-notebook?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/jupyter/notebook

Affected ranges

Type: GIT
Repo: https://github.com/jupyter/notebook
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5beec5484a1e08b8c53a5c7e416052b21d056f83

Affected versions

4.*

4.0.0

4.0.1

4.1.0

5.*

5.0.0

5.0.0-rc.1

5.0.0b1

5.0.0b2

5.0.0rc2

5.1.0

5.1.0rc1

5.1.0rc2

5.1.0rc3

5.2.0

5.2.0rc1

5.3.0

5.3.0rc1

5.3.1

5.4.0

5.5.0

5.5.0rc1

5.6.0

5.6.0rc1

5.7.0

6.*

6.0.0

6.0.0rc1

6.0.1

6.0.2

6.0.3

6.1.0

6.1.0rc1

6.1.1

6.1.2

6.1.3

6.1.4

6.2.0

6.3.0

6.4.1

v6.*

v6.4.0

v6.4.0rc0

v6.4.2

v6.4.3

v6.4.4

v6.4.5

v6.4.6

v6.4.7

v6.4.9