漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Insertion of Sensitive Information into Log File affects Jupyter Notebook
Vulnerability Description
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter notebook version 6.4.x contains a patch for this issue. There are currently no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
Jupyter Notebook 日志信息泄露漏洞
Vulnerability Description
Jupyter Notebook是一套用于创建、共享代码和说明性文本文档的开源Web应用程序。 Jupyter Notebook 6.4.9 之前版本存在日志信息泄露漏洞,该漏洞源于未经授权的参与者可以访问服务器日志中的敏感信息。攻击者可以监控这些日志,窃取敏感的 auth/cookie 信息。
CVSS Information
N/A
Vulnerability Type
N/A