PT-2026-53453 · Pypi · Jupyter-Remote-Desktop-Proxy
Published
2026-06-29
·
Updated
2026-06-29
CVSS v4.0
9.0
Critical
| Vector | AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
Summary
jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy were still accessible via the network.This vulnerability does not affect users having TurboVNC as the
vncserver executable.Credits
This vulnerability was identified by Arne Gottwald at University of Göttingen and analyzed, reported, and reviewed by @frejanordsiek.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Jupyter-Remote-Desktop-Proxy