medium

AI Hub Jupyter Notebook instance CSRF

Published Sat, Oct 17th, 2020
Platforms

Summary

AI Hub Jupyter Notebook server lacked a check of the Origin header that led to a CSRF vulnerability. An attacker could have read sensitive data and execute arbitrary actions in customer environments.

Affected Services

AI Hub Jupyter Notebook

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Disclosure Date
Tue, Mar 10th, 2020
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Discovered by
s1r1us, null