PT-2024-19406 · Unknown · Jupyter-Lsp+3
Bary Levy · Published 2024-01-18 · Updated 2024-01-30
CVE-2024-22415
| CVSS v3.1 | 7.3 (High) |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
jupyter-lsp versions prior to 2.2.2
Description
The issue affects jupyter-lsp installations running in environments without configured file system access control and with jupyter-server instances exposed to untrusted networks; it allows unauthorized access to, and modification of, the file system beyond the jupyter root directory.
Recommendations
For versions prior to 2.2.2, upgrade to version 2.2.2 to resolve the issue.
As a temporary workaround for users unable to upgrade, consider uninstalling jupyter-lsp.
Users of jupyterlab who do not use jupyterlab-lsp can uninstall jupyter-lsp as a mitigation measure.
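Two defender-side checks that follow from the advisory, as an added example (not jupyter-lsp's own code or its actual fix): an inventory version check against the first fixed release, 2.2.2, and a root-confinement check of the kind that stops relative-path traversal out of a configured Jupyter root directory. The root path used in the test is a constructed value and does not need to exist.

```python
"""Defensive checks for CVE-2024-22415 (jupyter-lsp versions prior to 2.2.2).

Added illustration, not code from jupyter-lsp: the version comparison is for
inventory scans, and resolve_within_root shows the containment check that a
file-serving component needs so client paths cannot leave the Jupyter root.
"""
import os
import re
from typing import Optional, Tuple

FIXED_VERSION = (2, 2, 2)  # first fixed release named in the advisory


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.1.0' into (2, 1, 0). Pre-release suffixes such as 'rc1' are ignored."""
    parts = []
    for piece in text.split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def is_affected(installed: str) -> bool:
    """True when the installed jupyter-lsp is older than 2.2.2."""
    return parse_version(installed) < FIXED_VERSION


def resolve_within_root(root: str, requested: str) -> Optional[str]:
    """Resolve a client-supplied path against the Jupyter root directory.

    Returns the canonical absolute path when it stays inside ``root`` and None
    when it would escape via '..', an absolute path, or a symlink that points
    outside the root. Both sides are canonicalised so they compare consistently.
    """
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, requested))
    if os.path.commonpath([real_root, candidate]) != real_root:
        return None
    return candidate


if __name__ == "__main__":
    print("2.2.1 affected:", is_affected("2.2.1"))      # True
    print("2.2.2 affected:", is_affected("2.2.2"))      # False
    print(resolve_within_root("/srv/jupyter", "../etc/passwd"))  # None
```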
Improper Access Control
Path Traversal
Missing Authentication
Relative Path Traversal
Affected Products
Jupyter-Lsp
Jupyter Server
Jupyterlab
Jupyterlab-Lsp