CVE-2024-41942

Summary

CVE-2024-41942 impacts versions prior to 4.1.6 and 5.1.0 of JupyterHub, a multi-user server for Jupyter notebooks. Users with the `admin:users` scope can escalate their privileges, making themselves full admin users, despite this scope being equivalent to having `admin=True` and intended for trusted users only. The vulnerability does not prevent users with other permissions, such as `groups`, from granting themselves or others permissions. Versions 4.1.6 and 5.1.0 have been released to address this issue and prevent the escalation to the built-in JupyterHub admin role.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.