Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2022.0323
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2022-0323)
Zusammenfassung:	The remote host is missing an update for the 'jupyter-notebook, python-nest-asyncio, python-send2trash' package(s) announced via the MGASA-2022-0323 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'jupyter-notebook, python-nest-asyncio, python-send2trash' package(s) announced via the MGASA-2022-0323 advisory. Vulnerability Insight: It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting (XSS) attacks on the notebook server. (CVE-2018-19351) It was discovered that Jupyter Notebook incorrectly handled certain SVG documents. An attacker could possibly use this issue to perform cross-site scripting (XSS) attacks. (CVE-2018-21030) It was discovered that Jupyter Notebook incorrectly filtered certain URLs on the login page. An attacker could possibly use this issue to perform open-redirect attack. (CVE-2019-10255) It was discovered that Jupyter Notebook had an incomplete fix for CVE-2019-10255. An attacker could possibly use this issue to perform open-redirect attack using empty netloc. (CVE-2019-10856) It was discovered that Jupyter Notebook incorrectly handled the inclusion of remote pages on Jupyter server. An attacker could possibly use this issue to perform cross-site script inclusion (XSSI) attacks. (CVE-2019-9644) It was discovered that Jupyter Notebook incorrectly filtered certain URLs to a notebook. An attacker could possibly use this issue to perform open-redirect attack. (CVE-2020-26215) It was discovered that Jupyter Notebook server access logs were not protected. An attacker having access to the notebook server could possibly use this issue to get access to steal sensitive information such as auth/cookies. (CVE-2022-24758) It was discovered that Jupyter Notebook incorrectly configured hidden files on the server. An authenticated attacker could possibly use this issue to see unwanted sensitive hidden files from the server which may result in getting full access to the server. (CVE-2022-29238) Moment.js: Path traversal in moment.locale (CVE-2022-24785) moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129) Affected Software/OS: 'jupyter-notebook, python-nest-asyncio, python-send2trash' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-19351 https://github.com/jupyter/notebook/blob/master/docs/source/changelog.rst https://github.com/jupyter/notebook/commit/107a89fce5f413fb5728c1c5d2c7788e1fb17491 https://groups.google.com/forum/#!topic/jupyter/hWzu2BSsplY https://pypi.org/project/notebook/#history https://lists.debian.org/debian-lts-announce/2020/11/msg00033.html Common Vulnerability Exposure (CVE) ID: CVE-2018-21030 https://github.com/jupyter/notebook/pull/3341 https://github.com/jupyter/notebook/releases/tag/5.5.0 Common Vulnerability Exposure (CVE) ID: CVE-2019-10255 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMDPJBVXOVO6LYGAT46VZNHH6JKSCURO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7D/ https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4 https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b https://github.com/jupyter/notebook/commit/d65328d4841892b412aef9015165db1eb029a8ed https://github.com/jupyter/notebook/compare/05aa4b2...16cf97c Common Vulnerability Exposure (CVE) ID: CVE-2019-10856 https://github.com/jupyter/notebook/compare/16cf97c...b8e30ea Common Vulnerability Exposure (CVE) ID: CVE-2019-9644 https://github.com/jupyter/notebook/compare/f3f00df...05aa4b2 Common Vulnerability Exposure (CVE) ID: CVE-2020-26215 https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74 https://lists.debian.org/debian-lts-announce/2020/12/msg00004.html Common Vulnerability Exposure (CVE) ID: CVE-2022-24758 https://github.com/jupyter/notebook/security/advisories/GHSA-m87f-39q9-6f55 Common Vulnerability Exposure (CVE) ID: CVE-2022-24785 https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/ https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5 https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html Common Vulnerability Exposure (CVE) ID: CVE-2022-29238 https://github.com/jupyter/notebook/security/advisories/GHSA-v7vq-3x77-87vg Common Vulnerability Exposure (CVE) ID: CVE-2022-31129 https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWY24RJA3SBJGA5N4CU4VBPHJPPPJL5O/ https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3 https://github.com/moment/moment/pull/6015#issuecomment-1152961973 https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633/
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.