Lucene search
GoogleOSV:GHSA-M87F-39Q9-6F55HistoryApr 05, 2022 - 5:47 p.m.
Sensitive Auth & Cookie data stored in Jupyter server logs
2022-04-0517:47:26
Google
osv.dev
18
jupyter server
data exposure
security upgrade
EPSS
0.002
Percentile
51.4%
Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server.
Upgrade to notebook version 6.4.10
For more information
If you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list [email protected].
Credit: @3coins for reporting. Thank you!
Related
debiancve
debiancve
CVE-2022-24758
2022-03-31 23:15:07
prion
prion
Code injection
2022-03-31 23:15:00
osv
osv
CVE-2022-24758
2022-03-31 23:15:07
PYSEC-2022-180
2022-03-31 23:15:00
BIT-jupyter-base-notebook-2022-24758
2024-03-06 10:54:22
ubuntucve
ubuntucve
CVE-2022-24758
2022-03-31 00:00:00
cve
cve
CVE-2022-24758
2022-03-31 23:15:07
alpinelinux
alpinelinux
CVE-2022-24758
2022-03-31 23:15:07
nvd
nvd
CVE-2022-24758
2022-03-31 23:15:07
cvelist
cvelist
github
github
Sensitive Auth & Cookie data stored in Jupyter server logs
2022-04-05 17:47:26
ubuntu
ubuntu
Jupyter Notebook vulnerabilities
2022-08-30 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5585-1)
2022-08-31 00:00:00
Mageia: Security Advisory (MGASA-2022-0323)
2022-09-12 00:00:00
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Jupyter Notebook vulnerabilities (USN-5585-1)
2022-08-30 00:00:00
IBM Cognos Analytics Multiple Vulnerabilities (6828527)
2022-10-27 00:00:00
mageia
mageia
Updated jupyter-notebook packages fix security vulnerability
2022-09-10 23:26:43
