Vulnerability	Vulnerable Version
M Exposure of Sensitive Information to an Unauthorized Actor jupyter-scheduler is an A JupyterLab extension for running notebook jobs Affected versions of this package are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor due to improper authentication check on the endpoint `/scheduler/runtime_environments`. Exploiting this vulnerability allows an unauthenticated attacker to obtain the list of Conda environment names on the server Note This issue does not allow an unauthenticated third party to read, modify, or enter the Conda environments present on the server where jupyter_scheduler is running. This issue only reveals the list of Conda environment names. How to fix Exposure of Sensitive Information to an Unauthorized Actor? Upgrade `jupyter-scheduler` to version 1.1.6, 1.2.1, 1.8.2, 2.5.2 or higher.	[,1.1.6)[1.2.0,1.2.1)[1.3.0,1.8.2)[2.0.0,2.5.2)

Exposure of Sensitive Information to an Unauthorized Actor

jupyter-scheduler is an A JupyterLab extension for running notebook jobs

Affected versions of this package are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor due to improper authentication check on the endpoint /scheduler/runtime_environments. Exploiting this vulnerability allows an unauthenticated attacker to obtain the list of Conda environment names on the server

Note

This issue does not allow an unauthenticated third party to read, modify, or enter the Conda environments present on the server where jupyter_scheduler is running. This issue only reveals the list of Conda environment names.

How to fix Exposure of Sensitive Information to an Unauthorized Actor?

Upgrade jupyter-scheduler to version 1.1.6, 1.2.1, 1.8.2, 2.5.2 or higher.

[,1.1.6)[1.2.0,1.2.1)[1.3.0,1.8.2)[2.0.0,2.5.2)

Go back to all versions of this package