Fedora 39 : python-jupyter-server (2023-5beead493f)

Medium severity, Nessus Plugin ID 186892



The remote Fedora host is missing one or more security updates.


The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-5beead493f advisory.

- The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has arbitrary execution permissions already in the same environment. A fix has been introduced in commit `0056c3aa52` which no longer includes traceback information in JSON error responses. For compatibility, the traceback field is present, but always empty. This commit has been included in version 2.11.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2023-49080)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Update the affected python-jupyter-server package.


Plugin Details

Severity: Medium

ID: 186892

File Name: fedora_2023-5beead493f.nasl

Version: 1.2

Type: local

Agent: unix

Published: 12/14/2023

Updated: 12/21/2023

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information


Risk Factor: Low

Score: 1.4


Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2023-49080


Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:39, p-cpe:/a:fedoraproject:fedora:python-jupyter-server

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/5/2023

Vulnerability Publication Date: 12/4/2023

Reference Information

CVE: CVE-2023-49080