漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Jupyter server on Windows discloses Windows user password hash
Vulnerability Description
The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hosting the Jupyter server, or access other network-accessible machines or 3rd party services using that credential. Or an attacker perform an NTLM relay attack without cracking the credential to gain access to other network-accessible machines. This vulnerability is fixed in 2.14.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Jupyter Server 安全漏洞
Vulnerability Description
Jupyter Server是Jupyter组织的一款用于为Jupyter Web应用提供后端服务的应用软件。 Jupyter Server 2.14.1之前版本存在安全漏洞,该漏洞源于允许未经身份验证的攻击者泄露密码哈希。
CVSS Information
N/A
Vulnerability Type
N/A