jupyter-notebooks-exposed: Jupyter notebooks exposed to reading and writing

日期: 2025-08-01 | 影响软件: jupyter notebooks | POC: 已公开

漏洞描述

Jupyter notebooks are exposed.

PoC代码[已公开]

id: jupyter-notebooks-exposed

info:
  name: Jupyter notebooks exposed to reading and writing
  author: johnk3r
  severity: high
  description: Jupyter notebooks are exposed.
  reference:
    - https://blog.aquasec.com/python-ransomware-jupyter-notebook
  classification:
    cpe: cpe:2.3:a:jupyter:notebook:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: jupyter
    product: notebook
    shodan-query: title:"Home Page - Select or create a notebook"
  tags: jupyter,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    max-redirects: 1

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains_any(body, '<title>Home Page - Select or create a notebook</title>', '<div> There are no notebooks running. </div>', '/lab/api/settings')"
        condition: and
# digest: 4a0a00473045022005910db6d2ce0d7c7b013b34565d544e7cb1aeb238c0edf1476df64bb2f41e41022100e8cbd6f57fc39ccb3a98a65c4080464e52c4cf18d066e74f1e867095de1d38ef:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/misconfiguration/jupyter-notebooks-exposed.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐