7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-24758

GHSA ID

GHSA-m87f-39q9-6f55

EPSS Score

0.4078%

CWE

CWE-532

Published

4/5/2022

Updated

1/27/2023

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-24758

CVE-2022-24758: Sensitive Auth & Cookie data stored in Jupyter server logs

Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server.

Upgrade to notebook version 6.4.10

For more information

If you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list security@ipython.org.

Credit: @3coins for reporting. Thank you!

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-24758

GHSA ID

GHSA-m87f-39q9-6f55

EPSS Score

0.4078%

CWE

CWE-532

Published

4/5/2022

Updated

1/27/2023

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
notebook	pip	< 6.4.10	6.4.10

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from error handling routines that log full request details. In Tornado-based applications like Jupyter Notebook:

The primary suspect is request logging infrastructure that includes headers in error scenarios
JupyterHandler.log_request is the core logging mechanism for HTTP requests
Server logs containing auth cookies imply header values are being captured during error logging
Websocket handlers would have similar logging patterns for errors
The patch likely modified these logging functions to filter sensitive headers While exact pre-patch code isn't available, Jupyter's Tornado architecture patterns and the vulnerability description strongly implicate these core logging functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*nytim* * *xx *rror is tri***r**, t** *ut* *ooki* *n* ot**r *****r v*lu*s *r* r**or*** in Jupyt*r s*rv*r lo*s *y ****ult. *onsi**rin* t**s* lo*s *o not r*quir* root ****ss, *n *tt**k*r **n monitor t**s* lo*s, st**l s*nsitiv* *ut*/*ooki* in*orm*tion,

Reasoning

T** vuln*r**ility st*ms *rom *rror **n*lin* routin*s t**t lo* *ull r*qu*st **t*ils. In Torn**o-**s** *ppli**tions lik* Jupyt*r Not**ook: *. T** prim*ry susp**t is r*qu*st lo**in* in*r*stru*tur* t**t in*lu**s *****rs in *rror s**n*rios *. Jupyt*r**n*l

7.5

Basic Information

Concerned about an active attack path?

CVE-2022-24758: Sensitive Auth & Cookie data stored in Jupyter server logs

For more information

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI