CVE-2024-22415 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-22415 Interim 1 4 2025-02-16T01:36:32Z current 2024-01-20T00:08:46Z 2025-02-16T01:36:32Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-22415 jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed jupyter-lsp-2.2.2-1.1 python310-jupyter-lsp-2.2.2-1.1 python311-jupyter-lsp-2.2.2-1.1 python39-jupyter-lsp-2.2.2-1.1 jupyter-lsp-2.2.2-1.1 as a component of openSUSE Tumbleweed python310-jupyter-lsp-2.2.2-1.1 as a component of openSUSE Tumbleweed python311-jupyter-lsp-2.2.2-1.1 as a component of openSUSE Tumbleweed python39-jupyter-lsp-2.2.2-1.1 as a component of openSUSE Tumbleweed jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp. CVE-2024-22415 openSUSE Tumbleweed:jupyter-lsp-2.2.2-1.1 openSUSE Tumbleweed:python310-jupyter-lsp-2.2.2-1.1 openSUSE Tumbleweed:python311-jupyter-lsp-2.2.2-1.1 openSUSE Tumbleweed:python39-jupyter-lsp-2.2.2-1.1 critical 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H