Lucene search
GoogleOSV:PYSEC-2022-180HistoryMar 31, 2022 - 11:15 p.m.
PYSEC-2022-180
2022-03-3123:15:00
Google
osv.dev
24
jupyter notebook
sensitive information
server logs
EPSS
0.002
Percentile
51.4%
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter notebook version 6.4.x contains a patch for this issue. There are currently no known workarounds.
Related
debiancve
debiancve
CVE-2022-24758
2022-03-31 23:15:07
prion
prion
Code injection
2022-03-31 23:15:00
osv
osv
Sensitive Auth & Cookie data stored in Jupyter server logs
2022-04-05 17:47:26
BIT-jupyter-base-notebook-2022-24758
2024-03-06 10:54:22
BIT-jupyter-notebook-2022-24758
2024-03-06 10:54:27
cvelist
cvelist
github
github
Sensitive Auth & Cookie data stored in Jupyter server logs
2022-04-05 17:47:26
alpinelinux
alpinelinux
CVE-2022-24758
2022-03-31 23:15:07
nvd
nvd
CVE-2022-24758
2022-03-31 23:15:07
ubuntucve
ubuntucve
CVE-2022-24758
2022-03-31 00:00:00
cve
cve
CVE-2022-24758
2022-03-31 23:15:07
ubuntu
ubuntu
Jupyter Notebook vulnerabilities
2022-08-30 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5585-1)
2022-08-31 00:00:00
Mageia: Security Advisory (MGASA-2022-0323)
2022-09-12 00:00:00
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Jupyter Notebook vulnerabilities (USN-5585-1)
2022-08-30 00:00:00
IBM Cognos Analytics Multiple Vulnerabilities (6828527)
2022-10-27 00:00:00
mageia
mageia
Updated jupyter-notebook packages fix security vulnerability
2022-09-10 23:26:43
