漏洞描述
Jupyter Notebook(此前被称为 IPython notebook)是一个交互式笔记本,支持运行 40 多种编程语言。如果管理员未为JupyterNotebook配置密码,将导致未授权访问漏洞,游客可在其中创建一个console并执行任意Python代码和命令。
Jupyter Notebook 未授权访问远程命令执行漏洞
PoC代码
暂无相关漏洞推荐
- POC jupyterhub-default-login: Jupyterhub - Default Admin Discovery
- POC jupyter-notebook-unauthorized-access: Jupyter Notebook Unauthorized Access
- POC gcloud-vertexai-auto-upgrades: Automatic Upgrades Not Enabled for Vertex AI Notebooks
- POC gcloud-vertexai-default-vpc: Default VPC Network In Use for Vertex AI Notebooks
- POC gcloud-vertexai-external-ip: External IP Addresses Assigned to Vertex AI Notebooks
- POC gcloud-vertexai-idle-shutdown: Idle Shutdown Not Enabled for Vertex AI Notebooks
- POC gcloud-vertexai-integrity: Integrity Monitoring Not Enabled for Vertex AI Notebooks
- POC gcloud-vertexai-monitoring: Cloud Monitoring Not Enabled for Vertex AI Notebooks
- POC gcloud-vertexai-root-access: Root Access Not Disabled for Vertex AI Notebooks
- POC gcloud-vertexai-secure-boot: Secure Boot Not Enabled for Vertex AI Notebooks
- POC gcloud-vertexai-vtpm: Virtual Trusted Platform Module Not Enabled for Vertex AI Notebooks
- POC jupyter-notebook-rce: Jupyter Notebook RCE
- POC jupyterhub-default-login: Jupyterhub - Default Admin Discovery