Impact
The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.
A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user.
Patches
JupyterLab v4.0.11 was patched.
Workarounds
Users can disable the table of contents plugin by running:
jupyter labextension disable @jupyterlab/toc-extension:registry
To confirm that this plugin was disabled run:
jupyter labextension list
References
Vulnerability reported via the bug bounty program sponsored by the European Commission and hosted on the Intigriti platform.
Impact
The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.
A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user.
Patches
JupyterLab v4.0.11 was patched.
Workarounds
Users can disable the table of contents plugin by running:
To confirm that this plugin was disabled run:
References
Vulnerability reported via the bug bounty program sponsored by the European Commission and hosted on the Intigriti platform.