Jupyter Notebook publicly accessible
Description
Jupyter Notebook is a web-based interactive computing environment that enables users to create and share documents containing live code, equations, visualizations, and narrative text.
This finding is raised when a Jupyter Notebook instance is reachable without authentication: the token has been cleared (or the server was started with an empty token) and no password is configured. Recent versions (4.3 and later) require a random token by default, so an unauthenticated instance is normally the result of deliberately disabling it, often together with binding the server to all interfaces (ip = 0.0.0.0) so it can be reached remotely. Unauthenticated access is particularly dangerous because Jupyter Notebook includes built-in terminal functionality, and because any notebook cell executes code on the host; either path lets an attacker run arbitrary operating system commands as the user account the server runs under. Exposing an unauthenticated Jupyter Notebook instance to the internet or untrusted networks therefore creates a critical security risk equivalent to providing unrestricted shell access to potential attackers.
Remediation
Immediately restrict network access to the Jupyter Notebook instance and implement authentication:
1. Restrict Network Access:
Configure firewall rules to block external access to the Jupyter Notebook port (default 8888; if that port is busy the server moves to 8889, 8890 and so on, so block the whole range you allow it to use). Only allow connections from trusted IP addresses or internal networks, and keep the server bound to the loopback interface (the NotebookApp.ip setting, which defaults to localhost) rather than 0.0.0.0; users who need remote access can reach it over an SSH tunnel or VPN. If using cloud infrastructure, configure security groups or network ACLs accordingly.
2. Enable Password Authentication:
Generate a password hash and configure it in the Jupyter configuration file:
jupyter notebook password
This will prompt you to enter and verify a password, then write the salted hash to jupyter_notebook_config.json in your Jupyter config directory (~/.jupyter by default). The same hash can instead be placed in jupyter_notebook_config.py as the NotebookApp.password option. Restart the server afterwards; the hash is only read at startup.
3. Use Token-Based Authentication:
Ensure token authentication is enabled (the default since Notebook 4.3) and never set the token to the empty string, which disables it entirely. The token is printed in the server log and in the launch URL, so treat that URL as a credential. To pin a specific token instead of the random one, verify your configuration includes:
c.NotebookApp.token = '<your-secure-token>'
4. Enable SSL/TLS:
Configure HTTPS so that the password, token and notebook contents are not sent in cleartext over the network:
c.NotebookApp.certfile = '/path/to/cert.pem'
c.NotebookApp.keyfile = '/path/to/key.pem'
5. Disable Terminal Access:
If terminal functionality is not required, disable it entirely. Note that this only removes the interactive shell; any notebook cell still executes code on the host, so this step reduces convenience for an attacker but is not a substitute for authentication and network restriction:
c.NotebookApp.terminals_enabled = False
For production environments, consider deploying JupyterHub with proper authentication backends (LDAP, OAuth, etc.) instead of standalone Jupyter Notebook instances. If you run Notebook 7 or JupyterLab, the server is Jupyter Server and the options above are spelled c.ServerApp.* in jupyter_server_config.py; the same hardening applies.
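The following is an added example, not code from this page or from the Jupyter project. It audits a jupyter_notebook_config.py for the exposure described above (public bind, token and password both empty, terminals on, no TLS) and emits a hardened replacement that applies all five remediation steps. It assumes the classic NotebookApp option names (Notebook 6 and earlier; Jupyter Server uses c.ServerApp.*). The password helper reproduces the older salted-SHA-1 hash format (sha1:<salt>:<digest>) so the hardened file is self-contained; in practice generate the hash with jupyter notebook password, which on current releases produces an argon2 hash. The sample weak config is constructed for the example.

```python
"""Audit a jupyter_notebook_config.py for an unauthenticated, publicly bound
notebook and emit a hardened replacement.

Added example, not from the page or the Jupyter project. Assumes the classic
NotebookApp option names (Notebook 6 and earlier; Notebook 7 / Jupyter Server
spell them c.ServerApp.*)."""
import hashlib
import hmac
import re
import secrets

# Constructed sample config: bound to all interfaces, token cleared, no
# password, terminals left at the default (enabled). This is the state the
# finding describes.
WEAK_CONFIG = """\
c = get_config()
c.NotebookApp.ip = '0.0.0.0'
c.NotebookApp.port = 8888
c.NotebookApp.open_browser = False
c.NotebookApp.token = ''
c.NotebookApp.password = ''
"""

LOOPBACK = ("localhost", "127.0.0.1", "::1")
_SETTING = re.compile(r"^\s*c\.NotebookApp\.(\w+)\s*=\s*(.+?)\s*$", re.M)


def parse_settings(config_text):
    """Map NotebookApp option name -> literal as written (quotes included)."""
    return {m.group(1): m.group(2) for m in _SETTING.finditer(config_text)}


def _unquote(literal):
    return literal.strip().strip("'\"")


def audit(config_text):
    """Return a list of finding IDs; an empty list means the config passes.

    Defaults mirror the classic notebook: ip='localhost', a random token,
    no password, terminals enabled, no TLS."""
    s = parse_settings(config_text)
    findings = []
    if _unquote(s.get("ip", "localhost")) not in LOOPBACK:
        findings.append("public-bind")
    token_disabled = "token" in s and _unquote(s["token"]) == ""
    password_set = _unquote(s.get("password", "")) != ""
    if token_disabled and not password_set:
        findings.append("auth-disabled")
    if s.get("terminals_enabled", "True") != "False":
        findings.append("terminal-enabled")
    if "certfile" not in s or "keyfile" not in s:
        findings.append("no-tls")
    return findings


def passwd_hash(passphrase, salt=None):
    """Legacy Jupyter password hash: 'sha1:<12 hex chars of salt>:<hexdigest>'.

    Current releases produce argon2 hashes via `jupyter notebook password`;
    prefer that in practice. A fixed salt is accepted only for testing."""
    if salt is None:
        salt = secrets.token_hex(6)
    digest = hashlib.sha1(passphrase.encode("utf-8") + salt.encode("ascii")).hexdigest()
    return "sha1:%s:%s" % (salt, digest)


def passwd_check(hashed, passphrase):
    """Verify an 'algorithm:salt:digest' hash with a constant-time compare."""
    algorithm, salt, digest = hashed.split(":", 2)
    h = hashlib.new(algorithm, passphrase.encode("utf-8") + salt.encode("ascii"))
    return hmac.compare_digest(h.hexdigest(), digest)


def hardened_config(password_hash, certfile, keyfile, port=8888):
    """Emit a jupyter_notebook_config.py applying every remediation step:
    loopback bind, password auth (token left at its random default), TLS,
    terminals off."""
    return "\n".join([
        "c = get_config()",
        "c.NotebookApp.ip = 'localhost'",
        "c.NotebookApp.port = %d" % port,
        "c.NotebookApp.open_browser = False",
        "c.NotebookApp.password = %r" % password_hash,
        "c.NotebookApp.certfile = %r" % certfile,
        "c.NotebookApp.keyfile = %r" % keyfile,
        "c.NotebookApp.terminals_enabled = False",
        "",
    ])


if __name__ == "__main__":
    print("weak config findings:", audit(WEAK_CONFIG))
    fixed = hardened_config(passwd_hash("correct horse battery staple"),
                            "/etc/jupyter/cert.pem", "/etc/jupyter/key.pem")
    print(fixed)
    print("hardened config findings:", audit(fixed))
```

Running the script reports all four findings for the weak config and none for the generated one. The audit treats a missing token line as safe because the server then generates a random token, and it only flags auth-disabled when the token is explicitly emptied and no password hash is present; that combination is the one that produces this finding.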