H3-2024-0033
Jupyter Server on Windows Credential Leak Vulnerability
| Category | VULNERABILITY |
| Base Score | 7.5 |
Description
Jupyter Server running on Windows discloses the NTLMv2 password hash of the Windows user running the Jupyter Server. Note: this affects several products using the Jupyter Server, including Jupyter Notebook and JupyterLab. Jupyter Hub does not officially support Windows.
Impact
Remote unauthenticated attackers can induce the vulnerable Jupyter Server to call back to an attacker-controlled SMB server, leading to leakage of the NTLMv2 password hash of the Windows user running the Jupyter Server. Attackers can crack this hash and use the recovered password to log into the vulnerable machine, other hosts in the network, or third-party services (credential stuffing). The vulnerability can also be abused for NTLM relay attacks, leading to access to other hosts in the network or Active Directory, without having to first crack the password hash.
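
For detection, the SMB callback described above is visible as an outbound connection on TCP 139/445 from the host running Jupyter Server. The following is an added example, not part of the original advisory: it filters network-connection records for such connections to destinations outside an approved file-server range. The host names, the allowlisted network and the sample records are constructed assumptions; the field names follow Sysmon Event ID 3.

```python
import ipaddress

# Assumption: the only networks that host legitimate SMB file servers here.
ALLOWED_SMB_NETS = [ipaddress.ip_network("10.20.0.0/24")]
SMB_PORTS = {139, 445}

# Constructed sample records, not real telemetry. Field names follow Sysmon
# Event ID 3 (network connection). The Windows SMB client runs in the kernel,
# so the callback is logged under "System", not under the Jupyter process.
SAMPLE_EVENTS = [
    {"Computer": "JUPYTER-WS01", "Image": "System", "Initiated": True,
     "DestinationIp": "10.20.0.15", "DestinationPort": 445},    # approved share
    {"Computer": "JUPYTER-WS01", "Image": "System", "Initiated": True,
     "DestinationIp": "203.0.113.77", "DestinationPort": 445},  # external SMB
    {"Computer": "JUPYTER-WS01", "Image": "System", "Initiated": True,
     "DestinationIp": "10.50.3.9", "DestinationPort": 445},     # internal, unapproved
    {"Computer": "JUPYTER-WS01", "Image": r"C:\Python311\python.exe",
     "Initiated": True, "DestinationIp": "203.0.113.77", "DestinationPort": 443},
    {"Computer": "JUPYTER-WS01", "Image": "System", "Initiated": False,
     "DestinationIp": "198.51.100.9", "DestinationPort": 445},  # not initiated locally
    {"Computer": "HR-LAPTOP07", "Image": "System", "Initiated": True,
     "DestinationIp": "203.0.113.77", "DestinationPort": 445},  # not a Jupyter host
]


def suspicious_smb(events, jupyter_hosts, allowed_nets=ALLOWED_SMB_NETS):
    """Return (host, destination, port) for SMB connections a Jupyter host
    initiated to any address outside the approved file-server networks."""
    hits = []
    for ev in events:
        if ev["Computer"] not in jupyter_hosts or not ev["Initiated"]:
            continue
        if ev["DestinationPort"] not in SMB_PORTS:
            continue
        dst = ipaddress.ip_address(ev["DestinationIp"])
        # Allowlist rather than a public/private split: a relay listener can
        # sit on an internal address as well as an external one.
        if any(dst in net for net in allowed_nets):
            continue
        hits.append((ev["Computer"], str(dst), ev["DestinationPort"]))
    return hits


if __name__ == "__main__":
    for host, dst, port in suspicious_smb(SAMPLE_EVENTS, {"JUPYTER-WS01"}):
        print(f"ALERT {host} -> {dst}:{port} (outbound SMB from Jupyter host)")
```

Matching on the process image would miss these connections, which is why the filter keys on host, direction and port.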