What is CVE-2022-29241?

CVE-2022-29241 is a high-severity vulnerability in Jupyter-server Jupyter_server, classified under Information Disclosure. CVSS score: 7.1/10. Published 2022-06-14.

How severe is CVE-2022-29241?

High severity. CVSS v3 base score is 7.1 out of 10.

Information disclosure in Jupyter-server Jupyter_server

CVE-2022-29241

Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of `root_dir` that contains the…

Vulnerability class: Information Disclosure

EPSS: 0.003 (50.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

Jupyter-server Jupyter_server — versions < 1.17.1

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

github.com/jupyter-server/jupyter_server/security/advisories/GHSA-q874-g24w-4q9g (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2022-29241?: CVE-2022-29241 is a high-severity vulnerability in Jupyter-server Jupyter_server, classified under Information Disclosure. CVSS score: 7.1/10. Published 2022-06-14.
How severe is CVE-2022-29241?: High severity. CVSS v3 base score is 7.1 out of 10.