1  info:
 2    name: jupyter-server
 3    cve: CVE-2023-49080
 4    summary: jupyter-server errors include tracebacks with path information
 5    details: |
 6      Unhandled errors in API requests include traceback information, which can include path information. 
 7      There is no known mechanism by which to trigger these errors without authentication, so the paths revealed 
 8      are not considered particularly sensitive, given that the requesting user has arbitrary execution permissions 
 9      already in the same environment.
10    cvss: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
11    severity: MEDIUM
12    security_advise: |
13      1. Upgrade to jupyter-server >= 2.11.2
14      2. Monitor for any further updates or patches related to this vulnerability
15  rule: version >= "0" && version < "2.11.2"
16  references:
17    - https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-h56g-gq9v-vc8r
18    - https://nvd.nist.gov/vuln/detail/CVE-2023-49080
19    - https://github.com/jupyter-server/jupyter_server/commit/0056c3aa52cbb28b263a7a609ae5f17618b36652
20    - https://github.com/jupyter-server/jupyter_server
21    - https://github.com/pypa/advisory-database/tree/main/vulns/jupyter-server/PYSEC-2023-272.yaml
22    - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62LO7PPIAMLIDEKUOORXLHKLGA6QPL77
23    - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG2JWZI5KPUYMDPS53AIFTZJWZD3IT6I