SCA: security update for jupyter_server (GHSA-hrw6-wg82-cm62)

high Tenable Cloud Security Plugin ID 415935

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a
vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user
running the Jupyter server. An attacker can crack this password to gain access to the Windows machine
hosting the Jupyter server, or access other network-accessible machines or 3rd party services using that
credential. Or an attacker perform an NTLM relay attack without cracking the credential to gain access to
other network-accessible machines. This vulnerability is fixed in 2.14.1. (CVE-2024-35178)

See Also

https://github.com/advisories/GHSA-hrw6-wg82-cm62

Plugin Details

Severity: High

ID: 415935

Version: Revision 1.7

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.51

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2024-35178

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 6/6/2024

Vulnerability Publication Date: 6/6/2024

Reference Information

CVE: CVE-2024-35178

cwe: CWE-200