H3-2022-0027¶

Unauthenticated Access to Jupyter

Description¶

The Jupyter application is accessible without any authentication.

Impact¶

An unauthenticated attacker can abuse access to a Jupyter notebook to execute remote code on the hosting server and completely compromise the host and all information stored on it.

References¶

• Jupyter Notebook unwittingly opens huge server security hole
• Security in the Jupyter notebook server
• CWE-306: Missing Authentication for Critical Function