Vulnerabilities > CVE-2018-21030 - Incorrect Authorization vulnerability in Jupyter Notebook

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

jupyter

CWE-863

NVD

Published: 2019-10-31

Updated: 2020-11-19

Summary

Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document.

Vulnerable Configurations

Part	Description	Count
Application	Jupyter Jupyter Notebook 4.0.0 Jupyter Notebook 4.0.1 Jupyter Notebook 4.0.2 Jupyter Notebook 4.0.3 Jupyter Notebook 4.0.4 Jupyter Notebook 4.0.5 Jupyter Notebook 4.0.6 Jupyter Notebook 4.1.0 Jupyter Notebook 4.2.0 Jupyter Notebook 4.2.1 Jupyter Notebook 4.2.2 Jupyter Notebook 4.2.3 Jupyter Notebook 4.3.0 Jupyter Notebook 4.3.1 Jupyter Notebook 4.3.2 Jupyter Notebook 4.4.0 Jupyter Notebook 4.4.1 Jupyter Notebook 5.0.0 Jupyter Notebook 5.1.0 Jupyter Notebook 5.2.0 Jupyter Notebook 5.2.1 Jupyter Notebook 5.2.2 Jupyter Notebook 5.3.0 Jupyter Notebook 5.3.1 Jupyter Notebook 5.4.0 Jupyter Notebook 5.4.1	36

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References