Min RK

33 exploits Active since Sep 2015
CVE-2026-40864 (MEDIUM)
JupyterHub: Cross-origin form POSTs bypass XSRF
JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection (updated in 4.1.0) inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affected, only HTTP form endpoints, such as /hub/spawn and /hub/accept-share, meaning attackers could trigger server spawn (but not access the server) and if the attacker is a JupyterHub user permitted to share access to their server, cause a user to accept a share and have access to the attacker's server. This issue has been fixed in version 5.4.5. If developers are unable to immediately upgrade, they can temporarily mitigate this issue by dropping requests to JupyterHub with Sec-Fetch-Mode: no-cors if they are using a reverse proxy.
CVSS 5.4
CVE-2015-4706 (MEDIUM)
IPython 3.x < 3.2 - Cross-Site Scripting via JSON Error Messages
Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path.
CVSS 6.1
CVE-2015-4707 (MEDIUM)
IPython < 3.2.0 - Cross-Site Scripting via JSON Error Messages
Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.
CVSS 6.1
CVE-2015-5607 (HIGH)
IPython 2-3 - Cross-Site Request Forgery in REST API
Cross-site request forgery in the REST API in IPython 2 and 3.
CVSS 8.8
CVE-2019-10255 (MEDIUM)
JupyterHub < 0.9.5 and Jupyter Notebook < 5.7.7 - Open Redirect via Login Page
An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.
CVSS 6.1
CVE-2024-41942 (HIGH)
JupyterHub <4.1.6, 5.1.0 - Privilege Escalation
JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the `admin:users` scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that `admin:users` is already an extremely privileged scope only granted to trusted users. In effect, `admin:users` is equivalent to `admin=True`, which is not intended. Note that the change here only prevents escalation to the built-in JupyterHub admin role that has unrestricted permissions. It does not prevent users with e.g. `groups` permissions from granting themselves or other users permissions via group membership, which is intentional. Versions 4.1.6 and 5.1.0 fix this issue.
CVSS 7.2
CVE-2026-33175 (HIGH)
OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims
OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to version 17.4.0, an authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email address on an Auth0 tenant to log in to JupyterHub. When email is used as the `username_claim`, this gives users control over their username and the possibility of account takeover. This issue has been patched in version 17.4.0.
CVSS 8.8
CVE-2015-7337
IPython Notebook < 3.2.2 and Jupyter Notebook 4.0.0-4.0.4 - Remote Code Execution via Crafted File MIME Type
The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.
CVE-2018-19352 (MEDIUM)
Jupyter Notebook < 5.7.2 - Cross-Site Scripting via Crafted Directory Name
Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.
CVSS 6.1
CVE-2020-15110 (MEDIUM)
jupyterhub-kubespawner <0.12 - Privilege Escalation
In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12.
CVSS 6.8
CVE-2020-26215 (MEDIUM)
Jupyter Notebook < 6.1.5 - Open Redirect via Maliciously Crafted Link
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.
CVSS 4.4
CVE-2020-26250 (MEDIUM)
OAuthenticator <0.12.2 - Info Disclosure
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which should be transparently mapped to `Authenticator.allowed_users` with a warning, is instead ignored by OAuthenticator classes, resulting in the same behavior as if this configuration had not been set. If this is the only mechanism of authorization restriction (i.e. no group or team restrictions in configuration) then all authenticated users will be allowed. Provider-based restrictions, including deprecated values such as `GitHubOAuthenticator.org_whitelist`, are **not** affected. Affected are all users of OAuthenticator 0.12.0 and 0.12.1 with JupyterHub 1.2 (JupyterHub Helm chart 0.10.0-0.10.5) who use the `admin.whitelist.users` configuration in the jupyterhub helm chart or the `c.Authenticator.whitelist` configuration directly. Users of other deprecated configuration, e.g. `c.GitHubOAuthenticator.team_whitelist`, are **not** affected. If you see a log line like this and expect a specific list of allowed usernames: "[I 2020-11-27 16:51:54.528 JupyterHub app:1717] Not using allowed_users. Any authenticated user will be allowed." you are likely affected. Updating oauthenticator to 0.12.2 is recommended. A workaround is to replace the deprecated `c.Authenticator.whitelist = ...` with `c.Authenticator.allowed_users = ...`. If any users have been authorized during this time who should not have been, they must be deleted via the API or admin interface, per the referenced documentation.
CVSS 6.3
CVE-2020-26261 (HIGH)
jupyterhub-systemdspawner < 0.15 - Unauthenticated User API Token Exposure via Systemd Environment
jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15, user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15.
CVSS 7.9
CVE-2020-26275 (MEDIUM)
Jupyter Server <1.1.1 - Open Redirect
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability could cause the jupyter server to redirect the browser to a different malicious website. All jupyter servers running without a base_url prefix are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may *appear* safe, but ultimately redirect to a spoofed server on the public internet. This same vulnerability was patched in upstream notebook v5.7.8. This is fixed in jupyter_server 1.1.1. If upgrade is not available, a workaround can be to run your server on a url prefix: "jupyter server --ServerApp.base_url=/jupyter/".
CVSS 6.1
CVE-2021-39160 (CRITICAL)
nbgitpuller 0.9.0-0.10.1 - OS Command Injection via Malicious Link
nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade. No workarounds exist for users who cannot upgrade.
CVSS 9.6
CVE-2021-41247 (LOW)
JupyterHub 1.0.0-1.5.0 - Insufficient Session Expiration via Multiple JupyterLab Tabs
JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions, users who have multiple JupyterLab tabs open in the same browser session may see incomplete logout from the single-user server, as fresh credentials (for the single-user server only, not the Hub) are reinstated after logout if another active JupyterLab session is open while the logout takes place. Upgrade to JupyterHub 1.5. For distributed deployments, it is jupyterhub in the _user_ environment that needs patching. There are no patches necessary in the Hub environment. The only workaround is to make sure that only one JupyterLab tab is open when you log out.
CVSS 3.5
CVE-2022-21697 (MEDIUM)
jupyter_server_proxy < 3.2.1 - Authenticated Server-Side Request Forgery via Allowed Hosts Bypass
Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with the jupyter-server-proxy extension enabled is affected. A lack of input validation allows authenticated clients to proxy requests to other hosts, bypassing the `allowed_hosts` check. Because authentication is required, which already grants permissions to make the same requests via kernel or terminal execution, this is considered low to moderate severity. Users may upgrade to version 3.2.1 to receive a patch or, as a workaround, install the patch manually.
CVSS 6.3
CVE-2023-39968 (MEDIUM)
jupyter_server < 2.7.2 - Open Redirect via Malicious Login Links
jupyter-server is the backend for Jupyter web applications. This is an open redirect vulnerability: maliciously crafted login links to known Jupyter Servers can cause a successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259` which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 4.3
CVE-2023-40170 (MEDIUM)
jupyter_server < 2.7.2 - Improper Access Control in Files Endpoint
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks.
CVSS 4.6
CVE-2023-48311 (HIGH)
dockerspawner 0.11.0-12.x - Unauthenticated Arbitrary Docker Image Execution via Missing allowed_images Configuration
dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying `DockerSpawner.allowed_images` configuration allow users to launch _any_ pullable docker image, instead of restricting to only the single configured image, as intended. This issue has been addressed in commit `3ba4b665b` which has been included in dockerspawner release version 13. Users are advised to upgrade. Users unable to upgrade should explicitly set `DockerSpawner.allowed_images` to a non-empty list containing only the default image, which will result in the intended default behavior.
CVSS 8.0
CVE-2023-49080 (LOW)
jupyter_server < 2.11.2 - Authenticated Sensitive Information Exposure via API Error Traceback
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has arbitrary execution permissions already in the same environment. A fix has been introduced in commit `0056c3aa52` which no longer includes traceback information in JSON error responses. For compatibility, the traceback field is present, but always empty. This commit has been included in version 2.11.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 3.5