Description

The Jupyter Notebook is a web-based notebook environment for interactive computing.

By default, the Jupyter Notebook doesn't require authentication. This web application includes a Terminal functionality that allows anybody to run arbitrary system commands. This web application should not be accessible on a production website without authentication.

Remediation

Disable external access to the Jupyter Notebook web application.

References

Jupyter Interactive Notebook

Related Vulnerabilities

The Heartbleed Bug

PHP session.use_trans_sid enabled

Yii2 Gii extension

PHP open_basedir Is Not Configured

Request Smuggling

Severity

High

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Configuration Insecure Admin Access