PT-2026-53453 · Pypi · Jupyter-Remote-Desktop-Proxy

Publicado

2026-06-29

·

Atualizado

2026-06-29

CVSS v4.0

9.0

Crítica

VetorAV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Summary

jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy were still accessible via the network.
This vulnerability does not affect users having TurboVNC as the vncserver executable.

Credits

This vulnerability was identified by Arne Gottwald at University of Göttingen and analyzed, reported, and reviewed by @frejanordsiek.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Identificadores relacionados

PYSEC-2026-365

Produtos afetados

Jupyter-Remote-Desktop-Proxy