Potential Reveal of Project Information Through List of Conda Environments
CVE-2024-28188

3.7LOW

Key Information:

Vendor: Jupyter-server
Status: Jupyter-scheduler
Vendor: CVE Published:; 23 May 2024

🔔 Create Jupyter-server Vulnerability Alert

What is CVE-2024-28188?

Jupyter Scheduler is collection of extensions for programming jobs to run now or run on a schedule. The list of conda environments of jupyter-scheduler users maybe be exposed, potentially revealing information about projects that a specific user may be working on. This vulnerability has been patched in version(s) 1.1.6, 1.2.1, 1.8.2 and 2.5.2.

Affected Version(s)

jupyter-scheduler >= 1.0.0, <= 1.1.5 <= 1.0.0, 1.1.5

jupyter-scheduler = 1.2.0 = 1.2.0

jupyter-scheduler >= 1.3.0, <= 1.8.1 <= 1.3.0, 1.8.1

References

https://github.com/jupyter-server/jupyter-scheduler/secur...

x_refsource_CONFIRM

https://github.com/jupyter-server/jupyter_server/pull/1392

x_refsource_MISC

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2024
Vulnerability Reserved
Mar 6, 2024

JSON