How severe is CVE-2023-40170?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2023-40170?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2023-40170 - MEDIUM Severity | CVSS 6.1

Vulnerability Description

jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks.

Related Vulnerabilities

CVE-2014-8168

MEDIUM

CVSS:6.1(Medium)

Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.

CWE-2842014

CVE-2014-9717

MEDIUM

CVSS:6.1(Medium)

fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restri...

CWE-2842014

CVE-2016-1492

MEDIUM

CVSS:6.1(Medium)

The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveragin...

CWE-2842016

CVE-2016-5606

MEDIUM

CVSS:6.1(Medium)

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Kernel Zones.

CWE-2842016

CVE-2016-5622

MEDIUM

CVSS:6.1(Medium)

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote attackers...

CWE-2842016

CVE-2016-7223

MEDIUM

CVSS:6.1(Medium)

Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files,...

CWE-2842016