
CVE-2024-35178: Jupyter server on Windows discloses Windows user password hash

CVSS Score: 7.5 (CVSS version 3.1)

Basic Information

EPSS Score: 0.42067%
Published: 6/6/2024
Updated: 1/21/2025
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| jupyter_server | pip | <= 2.14.0 | 2.14.1 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from improper path handling in Jupyter Server's filefind utility. The key evidence is:

  1. The patch explicitly modifies filefind to reject absolute paths and add path containment checks
  2. The commit message references GHSA-hrw6-wg82-cm62 and mentions preventing access to absolute paths
  3. The CVE description specifically implicates Windows UNC path handling leading to NTLM hash leakage
  4. The removed expand_path function contained Windows-specific UNC path handling logic that could enable SMB authentication triggers
  5. The test cases added in the patch verify rejection of absolute paths and path traversal attempts
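
The two checks named in the evidence above (reject absolute paths, then verify containment) can be sketched as follows. This is an added example, not Jupyter Server's patch or its filefind code; `is_absolute_any_os`, `find_contained` and the sample paths are hypothetical and constructed for illustration.

```python
import ntpath
import tempfile
from pathlib import Path


def is_absolute_any_os(name: str) -> bool:
    """True for POSIX roots, Windows drive paths and UNC paths (\\\\host\\share)."""
    if name.startswith(("/", "\\")):
        return True
    drive, _ = ntpath.splitdrive(name)  # "C:" or "\\\\host\\share" when present
    return bool(drive)


def find_contained(name: str, roots: list[str]) -> str:
    """Hypothetical helper: first existing file `name` located under one of `roots`."""
    if is_absolute_any_os(name):
        # Reject before any filesystem call: on Windows, touching a UNC path
        # can trigger SMB authentication, which is the hash leak described above.
        raise ValueError(f"absolute path not allowed: {name!r}")
    for root in roots:
        base = Path(root).resolve()
        candidate = (base / name).resolve()
        # Containment: the resolved candidate must stay under the root, which
        # stops ../ traversal and symlinks that point outside it.
        if base != candidate and base not in candidate.parents:
            continue
        if candidate.is_file():
            return str(candidate)
    raise FileNotFoundError(name)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "static")
        root.mkdir()
        (root / "app.js").write_text("ok")
        Path(tmp, "secret.txt").write_text("outside the root")
        print("served:", find_contained("app.js", [str(root)]))
        # Constructed inputs: UNC, drive-letter, POSIX-absolute and traversal.
        for bad in (r"\\fileserver.example\share\x.js", r"C:\Windows\win.ini",
                    "/etc/passwd", "../secret.txt"):
            try:
                find_contained(bad, [str(root)])
            except (ValueError, FileNotFoundError) as exc:
                print("rejected:", type(exc).__name__, bad)
```

The absolute-path test uses `ntpath` explicitly so that UNC and drive-letter names are rejected even when the code runs on a non-Windows host.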


Summary

Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hos
