Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds.

The remote Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6153-1 advisory.

    It was discovered that Jupyter Core executed untrusted files in the current working directory. An attacker     could possibly use this issue to execute arbitrary code.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5422 advisory.

  - Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to     version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from     `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as     another. Version 4.11.2 contains a patch for this issue. There are no known workarounds. (CVE-2022-39286)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-d966145959 advisory.

  - Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to     version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from     `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as     another. Version 4.11.2 contains a patch for this issue. There are no known workarounds. (CVE-2022-39286)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-de87bd076b advisory.

  - Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to     version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from     `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as     another. Version 4.11.2 contains a patch for this issue. There are no known workarounds. (CVE-2022-39286)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202301-04 (jupyter_core: Arbitrary Code Execution)

  - Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to     version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from     `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as     another. Version 4.11.2 contains a patch for this issue. There are no known workarounds. (CVE-2022-39286)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3195 advisory.

  - Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to     version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from     `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as     another. Version 4.11.2 contains a patch for this issue. There are no known workarounds. (CVE-2022-39286)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
177107	Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM : Jupyter Core vulnerability (USN-6153-1)	Nessus	Ubuntu Local Security Checks	high
177097	Debian DSA-5422-1 : jupyter-core - security update	Nessus	Debian Local Security Checks	high
170768	Fedora 36 : python-jupyter-core (2023-d966145959)	Nessus	Fedora Local Security Checks	high
170764	Fedora 37 : python-jupyter-core (2023-de87bd076b)	Nessus	Fedora Local Security Checks	high
169837	GLSA-202301-04 : jupyter_core: Arbitrary Code Execution	Nessus	Gentoo Local Security Checks	high
167914	Debian DLA-3195-1 : jupyter-core - LTS security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2022-39286

high

Tenable Plugins

high

high

high

high

high

high