OESA-2024-2308

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2308

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2024-2308.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2024-2308

Upstream

CVE-2024-35178

Published

2024-11-01T11:09:29Z

Modified

2025-09-03T06:31:12.644685Z

Summary

python-jupyter-server security update

Details

The backend for Jupyter web applications

Security Fix(es):

The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hosting the Jupyter server, or access other network-accessible machines or 3rd party services using that credential. Or an attacker perform an NTLM relay attack without cracking the credential to gain access to other network-accessible machines. This vulnerability is fixed in 2.14.1.(CVE-2024-35178)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:24.03-LTS / python-jupyter-server

Package

Name: python-jupyter-server
Purl: pkg:rpm/openEuler/python-jupyter-server&distro=openEuler-24.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13.0-2.oe2403

Ecosystem specific

{
    "src": [
        "python-jupyter-server-2.13.0-2.oe2403.src.rpm"
    ],
    "noarch": [
        "python3-jupyter-server-2.13.0-2.oe2403.noarch.rpm"
    ]
}