jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks.
History

Mon, 30 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-08-28T20:01:57.156Z

Updated: 2024-09-30T17:49:02.781Z

Reserved: 2023-08-09T15:26:41.051Z

Link: CVE-2023-40170

cve-icon Vulnrichment

Updated: 2024-08-02T18:24:55.535Z

cve-icon NVD

Status : Modified

Published: 2023-08-28T21:15:07.873

Modified: 2024-11-21T08:18:55.140

Link: CVE-2023-40170

cve-icon Redhat

No data.