Vulnerabilities > CVE-2024-22421

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

jupyter

fedoraproject

NVD

Published: 2024-01-19

Updated: 2024-11-21

Summary

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an older `jupyter-server` version. JupyterLab versions 4.1.0b2, 4.0.11, and 3.6.7 are patched. No workaround has been identified, however users should ensure to upgrade `jupyter-server` to version 2.7.2 or newer which includes a redirect vulnerability fix.

Vulnerable Configurations

Part	Description	Count
Application	Jupyter Jupyter Notebook 7.0.0 Jupyter Jupyterlab * Jupyter Jupyterlab -	3
OS	Fedoraproject Fedoraproject Fedora 39	1

References

https://github.com/jupyterlab/jupyterlab/commit/19bd9b96cb2e77170a67e43121637d0b5619e8c6
https://github.com/jupyterlab/jupyterlab/commit/19bd9b96cb2e77170a67e43121637d0b5619e8c6
https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-44cc-43rp-5947
https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-44cc-43rp-5947
https://lists.fedoraproject.org/archives/list/[email protected]/message/UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H/
https://lists.fedoraproject.org/archives/list/[email protected]/message/UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H/

Vulnerabilities > CVE-2024-22421 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2024-22421"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2024-22421