CVE-2022-24757
Published 2022-03-23
Priority P3 (43) · high · 7.5 CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.21% (64.5th percentile)
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter Server version 1.15.4 contains a patch for this issue. There are currently no known workarounds.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | jupyter-server | < jupyter-server 1.16.0-1 (bookworm) | jupyter-server 1.16.0-1 (bookworm) |
| jupyter-server | jupyter_server | < 1.15.4 | 1.15.4 |
| jupyter | jupyter_server | < 1.15.4 | 1.15.4 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
OSV
Insertion of Sensitive Information into Log File in Jupyter notebook
osv · 2022-03-25 · CVE-2022-24757 [HIGH]
### Impact
_What kind of vulnerability is it?_
Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server.
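The advisory's point is that a request-logging path which dumps every header on a 5xx error writes the session cookie and token into a world-readable log. The following is an added illustration, not jupyter_server's own code or its actual fix: it shows the verbatim-header logging beside a redacting variant that masks credential-bearing headers before the line is written. The header list and the sample request (with a placeholder token) are constructed for the example.

```python
import logging
from typing import Dict, Optional

# Header names whose values carry credentials (assumed list for this example).
SENSITIVE_HEADERS = {"cookie", "authorization", "set-cookie", "x-xsrftoken"}


def format_headers_unsafe(headers: Dict[str, str]) -> str:
    """The pre-1.15.4 behaviour in spirit: every header value goes to the log verbatim."""
    return "; ".join(f"{name}: {value}" for name, value in headers.items())


def format_headers_redacted(headers: Dict[str, str]) -> str:
    """Same layout, but credential-bearing header values are masked before logging."""
    parts = []
    for name, value in headers.items():
        if name.lower() in SENSITIVE_HEADERS:
            value = "<redacted>"
        parts.append(f"{name}: {value}")
    return "; ".join(parts)


def log_server_error(status: int, path: str, headers: Dict[str, str],
                     logger: Optional[logging.Logger] = None) -> str:
    """Record a 5xx error with redacted headers; returns the exact line written."""
    logger = logger or logging.getLogger("jupyter_server_example")
    line = f"{status} {path} headers=[{format_headers_redacted(headers)}]"
    logger.error(line)
    return line


# Constructed request headers; TOKEN_PLACEHOLDER stands in for a real login token.
SAMPLE_HEADERS = {
    "Host": "localhost:8888",
    "Cookie": "_xsrf=abc123; username-localhost-8888=TOKEN_PLACEHOLDER",
    "Authorization": "token TOKEN_PLACEHOLDER",
    "User-Agent": "Mozilla/5.0",
}

if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    print("unsafe:  ", format_headers_unsafe(SAMPLE_HEADERS))
    print("redacted:", log_server_error(500, "/api/contents", SAMPLE_HEADERS))
```

On an unpatched host the same check applies in reverse: grepping the server log for `Cookie:` or `Authorization:` values after a 5xx is a quick way to confirm whether credentials have already been written to disk and need rotating.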
### Patches
_Has the problem been patched? What versions should users upgrade to?_
Upgrade to Jupyter Server version 1.15.4
### For more information
If you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list [[email protected]](mailto:[email protected]).
Credit: @3coins for reporting. Thank you!
GHSA
Insertion of Sensitive Information into Log File in Jupyter notebook
ghsa · 2022-03-25 · CVE-2022-24757 [HIGH] · CWE-532
OSV
osv · 2022-03-23 · CVSS 7.5 · CVE-2022-24757 [HIGH]
Debian
CVE-2022-24757: jupyter-server
vendor_debian · 2022 · CVSS 7.5 · [HIGH]
Scope: local
bookworm: resolved (fixed in 1.16.0-1)
bullseye: open
forky: resolved (fixed in 1.16.0-1)
sid: resolved (fixed in 1.16.0-1)
trixie: resolved (fixed in 1.16.0-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a
https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr
Published 2022-03-23