Jupyter server on Windows discloses Windows user password hash

2024-06-0621:26:53

Google

osv.dev

jupyter server

windows

password hash

vulnerability

ntlmv2

unauthenticated

attacker

network-accessible

ntlm relay.

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Summary

Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hosting the Jupyter server, or access other network-accessible machines or 3rd party services using that credential. Or an attacker perform an NTLM relay attack without cracking the credential to gain access to other network-accessible machines.

CPENameOperatorVersion
jupyter-servereq2.0.0rc4
jupyter-servereq1.0.1
jupyter-servereq0.0.2
jupyter-servereq1.1.4
jupyter-servereq1.0.10
jupyter-servereq1.0.0rc3
jupyter-servereq1.0.0rc7
jupyter-servereq1.0.0
jupyter-servereq2.10.0
jupyter-servereq0.0.0

Name	Operator	Version
jupyter-server	eq	2.0.0rc4
jupyter-server	eq	1.0.1
jupyter-server	eq	0.0.2
jupyter-server	eq	1.1.4
jupyter-server	eq	1.0.10
jupyter-server	eq	1.0.0rc3
jupyter-server	eq	1.0.0rc7
jupyter-server	eq	1.0.0
jupyter-server	eq	2.10.0
jupyter-server	eq	0.0.0