Metric | Value |
---|---|
CVSS3 score | 9 High |
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
CVSS vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
AI Score | 8.1 High |
AI Score Confidence | High |
EPSS | 0.0004 Low |
EPSS Percentile | 15.7% |

Jupyter Server Proxy is vulnerable to Missing Websocket Authentication. The vulnerability is caused by improper user authentication checks when proxying websockets within handlers.py. This allows an attacker to gain unauthenticated remote access to any websocket endpoint made accessible via the Jupyter Server Proxy, which can result in Remote Code Execution.

CPE | Name | Operator | Version |
---|---|---|---|
jupyter-server-proxy | le | 3.2.2 | |
jupyter-server-proxy | le | 4.1.0 | |
github.com/advisories/GHSA-w3vc-fx9p-wp4v
github.com/jupyterhub/jupyter-server-proxy/blob/9b624c4d9507176334b46a85d94a4aa3bcd29bed/jupyter_server_proxy/handlers.py#L433
github.com/jupyterhub/jupyter-server-proxy/commit/764e499f61a87641916a7a427d4c4b1ac3f321a9
github.com/jupyterhub/jupyter-server-proxy/commit/bead903b7c0354b6efd8b4cde94b89afab653e03
github.com/jupyterhub/jupyter-server-proxy/security/advisories/GHSA-w3vc-fx9p-wp4v