Potential authentication and CSRF tokens leak in JupyterLab
CVE-2024-22421

7.6HIGH

Key Information:

Vendor

Jupyterlab

Status
Jupyterlab
Vendor
CVE Published:
19 January 2024

What is CVE-2024-22421?

A vulnerability exists in JupyterLab, a widely used interactive computing environment, where users with outdated jupyter-server versions may unintentionally expose their Authorization and XSRFToken tokens through malicious links. This poses a significant risk as attackers can leverage this data to exploit user accounts. JupyterLab has released updates in versions 4.1.0b2, 4.0.11, and 3.6.7 to address this issue. Users are strongly recommended to upgrade their jupyter-server to version 2.7.2 or later, which includes a fix for a critical redirect vulnerability. Awareness and immediate action are essential to safeguard against unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

jupyterlab < 3.6.7 < 3.6.7

jupyterlab >=4.0.0,< 4.0.11 < 4.0.0, 4.0.11

References

https://github.com/jupyterlab/jupyterlab/security/advisor...
x_refsource_CONFIRM
https://github.com/jupyterlab/jupyterlab/commit/19bd9b96c...
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.