Information disclosure in Jupyter-server Jupyter_server
CVE-2023-49080
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user includ…
EPSS: 0.002 (46.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N.
Affected products
- Jupyter-server Jupyter_server — versions < 2.11.2
Weakness classification (CWE)
References
- https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-h56g-gq9v-vc8r (x_refsource_CONFIRM)
- https://github.com/jupyter-server/jupyter_server/commit/0056c3aa52cbb28b263a7a609ae5f17618b36652 (x_refsource_MISC)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
Frequently asked questions
- What is CVE-2023-49080?
- CVE-2023-49080 is a low-severity vulnerability in Jupyter-server Jupyter_server, classified under Generation of Error Message Containing Sensitive Information. CVSS score: 3.5/10. Published 2023-12-04.
- How severe is CVE-2023-49080?
- Low severity. CVSS v3 base score is 3.5 out of 10.