Description

The Jupyter Notebook is a web-based notebook environment for interactive computing.

By default, the Jupyter Notebook doesn't require authentication. This web application includes a Terminal functionality that allows anybody to run arbitrary system commands. This web application should not be accessible on a production website without authentication.

Remediation

Disable external access to the Jupyter Notebook web application.

References

Related Vulnerabilities

Severity

High

Classification

CWE-16

Tags

Configuration