
We found results for “”
CVE-2023-40170
Good to know:


Date: August 28, 2023
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on "/files/" URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit "87a49272728" which has been included in release "2.7.2". Users are advised to upgrade. Users unable to upgrade may use the lower performance "--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler", which implements the correct checks.
Language: Python
Severity Score
Related Resources (10)
Severity Score
Weakness Type (CWE)
Top Fix

CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |