Impact
On Windows, the shared %PROGRAMDATA% directory is searched for configuration files (SYSTEM_CONFIG_PATH and SYSTEM_JUPYTER_PATH), which may allow users to create configuration files affecting other users.
Only shared Windows systems with multiple users and unprotected %PROGRAMDATA% are affected.
Mitigations
- upgrade to
jupyter_core>=5.8.1 (5.8.0 is patched but breaks jupyter-server) , or
- as administrator, modify the permissions on the
%PROGRAMDATA% directory so it is not writable by unauthorized users, or
- as administrator, create the
%PROGRAMDATA%\jupyter directory with appropriately restrictive permissions, or
- as user or administrator, set the
%PROGRAMDATA% environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators or the current user)
Credit
Reported via Trend Micro Zero Day Initiative as ZDI-CAN-25932
krassowski Coordinator
Impact
On Windows, the shared
%PROGRAMDATA%directory is searched for configuration files (SYSTEM_CONFIG_PATHandSYSTEM_JUPYTER_PATH), which may allow users to create configuration files affecting other users.Only shared Windows systems with multiple users and unprotected
%PROGRAMDATA%are affected.Mitigations
jupyter_core>=5.8.1(5.8.0 is patched but breaksjupyter-server) , or%PROGRAMDATA%directory so it is not writable by unauthorized users, or%PROGRAMDATA%\jupyterdirectory with appropriately restrictive permissions, or%PROGRAMDATA%environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators or the current user)Credit
Reported via Trend Micro Zero Day Initiative as ZDI-CAN-25932