Product
high
advisory
JupyterHub Extension Manager API/GUI Policy Discrepancy Allows Malicious Extension Installation
2 rules 1 TTPJupyterLab versions prior to 4.5.7 do not correctly enforce the allow-list of extensions that can be installed from PyPI Extension Manager, allowing authenticated attackers to escalate privileges and potentially exfiltrate data, move laterally, and persistently compromise server infrastructure.
JupyterHub +2
jupyterlab
privilege-escalation
vulnerability
extension-manager
2r
1t
high
advisory
Jupyter Notebook Authentication Token Theft via CommandLinker XSS
2 rulesA stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook versions 7.0.0 through 7.5.5 and JupyterLab versions up to 4.5.6 allows attackers to steal authentication tokens by tricking users into interacting with malicious notebook files, leading to complete account takeover via the Jupyter REST API.
@jupyter-notebook/help-extension +4
xss
jupyter
authentication
account-takeover
vulnerability
2r