Pmcao

**Name of the Vulnerable Software and Affected Versions** JupyterLab versions prior to 4.5.7 **Description** The PyPI Extension Manager does not correctly enforce the `allowed extensions uris` allow-list, allowing the installation of packages not listed on the default PyPI index. This issue affects deployments that use allow-lists to restrict package installation, have disabled kernels and terminals, or utilize multi-tenant configurations not set up for untrusted users. An authenticated attacker can exploit this to escalate privileges, potentially leading to data exfiltration, lateral movement within the network, and persistent compromise of the server infrastructure. **Recommendations** Update to version 4.5.7. As a temporary workaround, switch to a read-only extension manager by using the command line option `--LabApp.extension manager=readonly` or the traitlet `c.LabApp.extension manager = 'readonly'`.

**Name of the Vulnerable Software and Affected Versions** SciTokens versions prior to 1.9.6 **Description** SciTokens is a reference library for generating and using SciTokens. The KeyCache class was susceptible to SQL Injection due to the use of Python’s `str.format()` function to construct SQL queries with user-supplied data, such as the `issuer` and `key id`. This allowed an attacker to execute arbitrary SQL commands against the local SQLite database. The issue was addressed in version 1.9.6. **Recommendations** Update to SciTokens version 1.9.6 or later.

**Name of the Vulnerable Software and Affected Versions** SciTokens versions prior to 1.9.6 **Description** SciTokens is a library for generating and using SciTokens. The Enforcer component incorrectly validates scope paths using a simple prefix match, allowing a token with access to a specific path to also access sibling paths that share the same prefix. This results in an Authorization Bypass. The issue occurs because the `startswith` method is used for scope path validation, which is insufficient for secure access control. The vulnerable component is the `Enforcer`. **Recommendations** Update to SciTokens version 1.9.6 or later.

**Name of the Vulnerable Software and Affected Versions** SciTokens versions prior to 1.9.7 **Description** SciTokens is a library for generating and using SciTokens. The Enforcer component is susceptible to a path traversal issue. An attacker can exploit this by including 'dot-dot' (..) sequences within the scope claim of a token, allowing them to bypass intended directory restrictions. The library normalizes both the authorized path from the token and the requested path from the application before comparing them using the `startswith()` function, which enables the path traversal. **Recommendations** Update to version 1.9.7 or later.

**Name of the Vulnerable Software and Affected Versions** SciTokens C++ versions prior to 1.4.1 **Description** SciTokens C++ is a library for creating and using SciTokens. Versions before 1.4.1 have an authorization bypass when handling path-based scopes within tokens. The library normalizes the scope path, collapsing ".." path components instead of rejecting them. This allows an attacker to use parent directory traversal in the scope claim to expand authorization beyond the intended directory. The vulnerability occurs during the processing of the scope claim within SciTokens. **Recommendations** Update to SciTokens C++ version 1.4.1 or later.

Name of the Vulnerable Software and Affected Versions SciTokens C++ versions prior to 1.4.1 Description The SciTokens C++ library, used for creating and utilizing SciTokens, contains a flaw in its path-based scope validation. The enforcer performs a string-prefix comparison to verify if a requested resource path is within a token's authorized scope. This check lacks path-segment boundary enforcement, allowing a token scoped to one path to incorrectly authorize access to sibling paths sharing the same prefix. Recommendations Update to version 1.4.1 or later.