Rashley-Iqt

**Name of the Vulnerable Software and Affected Versions** Open 5GS WebUI (affected versions not specified) **Description** The software utilizes a hard-coded JWT signing key ('change-me') if the `JWT SECRET KEY` environment variable is not set. This can allow attackers to forge JWTs and potentially gain unauthorized access. JWT (JSON Web Token) is a standard for securely transmitting information between parties as a JSON object. **Recommendations** Set the `JWT SECRET KEY` environment variable to a strong, randomly generated secret key.

**Name of the Vulnerable Software and Affected Versions** Jupyter Notebook versions prior to 6.4.12 **Description** The issue concerns Jupyter Notebook, a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow hidden = False` only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories. This could lead to notebook configurations allowing authenticated access to files that may reasonably be expected to be disallowed. Because fully authenticated requests are required, this is of relatively low impact. However, if a server's root directory contains sensitive files whose only protection from the server is being hidden, then any authenticated requests could access files if their names are guessable. **Recommendations** To resolve the issue, update to version 6.4.12 or later. As a temporary workaround, consider not running the notebook server in a directory with hidden files, and instead use subdirectories. Alternatively, use a custom ContentsManager with additional checks for `self.is hidden(path)` prior to completing actions.

**Name of the Vulnerable Software and Affected Versions** Jupyter Server versions prior to 1.17.1 Jupyter Notebook versions 6.4.0 through 6.4.11 Jupyter Lab versions 6.4.0 through 6.4.11 **Description** The issue allows an attacker to leak the access token assigned at start time by guessing or brute forcing the PID of the Jupyter server, if the notebook server is started with a value of `root dir` that contains the starting user's home directory. This requires an authenticated user session and can be used from a cross-site scripting payload or from a hooked or otherwise compromised browser to leak the access token to a malicious third party. The token can be used along with the REST API to interact with Jupyter services/notebooks, such as modifying or overwriting critical files, allowing a malicious user to read potentially sensitive data and possibly gain control of the impacted system. **Recommendations** For Jupyter Server versions prior to 1.17.1, update to version 1.17.1 or later to resolve the issue. For Jupyter Notebook versions 6.4.0 through 6.4.11, update to a version later than 6.4.11 to resolve the issue. For Jupyter Lab versions 6.4.0 through 6.4.11, update to a version later than 6.4.11 to resolve the issue. As a temporary workaround, consider restricting access to the REST API or disabling the `root dir` feature that contains the starting user's home directory until a patch is available.