CVE-2025-32428

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-32428

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32428.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-32428

Aliases

GHSA-vrq4-9hc3-cgp7

Published

2025-04-15T00:15:14Z

Modified

2025-04-15T20:46:41.086186Z

Summary

[none]

Details

Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy were still accessible via the network. This vulnerability does not affect users having TurboVNC as the vncserver executable. This issue is fixed in 3.0.1.

References

Affected packages

Git / github.com/jupyterhub/jupyter-remote-desktop-proxy

Affected ranges

Type: GIT
Repo: https://github.com/jupyterhub/jupyter-remote-desktop-proxy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7dd54c25a4253badd8ea68895437e5a66a59090d

Affected versions

v0.*

v0.1

v0.1.1

v0.1.2

v0.1.3

v1.*

v1.0

v1.1.0

v1.2.0

v1.2.1

v2.*

v2.0.0

v2.0.1

v3.*

v3.0.0