A vulnerabilityclassified ascriticalwas found in JupyterCore up to5.7.x on Windows.Themanipulationof the argument SYSTEM_CONFIG_PATH/SYSTEM_JUPYTER_PATH with an unknown input leads to aunknown weakness. The CWE definition for the vulnerability is CWE-427. The product uses a fixed or controlled search pathto find resources, butone or morelocations in that path can be underthecontrol of unintended actors.As an impactit is known to affect confidentiality, integrity, andavailability.Upgrading toversion 5.8.0 eliminates this vulnerability.
Jupyter Core isa package forthe corecommon functionalityof Jupyterprojects. When usingJupyter Coreprior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched forconfiguration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration filesaffecting other users.Only sharedWindows systems with multiple usersandunprotected `%PROGRAMDATA%` are affected.Users should upgrade to Jupyter Core version 5.8.0 orlater to receive a patch.Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA% jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).
Jupyter Core isa package forthe corecommon functionalityof Jupyterprojects. When usingJupyter Coreprior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched forconfiguration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration filesaffecting other users.Only sharedWindows systems with multiple usersandunprotected `%PROGRAMDATA%` are affected.Users should upgrade to Jupyter Core version 5.8.0 orlater to receive a patch.Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA% jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).
A vulnerabilityclassified ascriticalwas found in JupyterCore up to5.7.x on Windows.Themanipulationof the argument SYSTEM_CONFIG_PATH/SYSTEM_JUPYTER_PATH with an unknown input leads to aunknown weakness. The CWE definition for the vulnerability is CWE-427. The product uses a fixed or controlled search pathto find resources, butone or morelocations in that path can be underthecontrol of unintended actors.As an impactit is known to affect confidentiality, integrity, andavailability.Upgrading toversion 5.8.0 eliminates this vulnerability.
A vulnerabilityclassified ascriticalwas found in JupyterCore up to5.7.x on Windows.Themanipulationof the argument SYSTEM_CONFIG_PATH/SYSTEM_JUPYTER_PATH with an unknown input leads to aunknown weakness. The CWE definition for the vulnerability is CWE-427. The product uses a fixed or controlled search pathto find resources, butone or morelocations in that path can be underthecontrol of unintended actors.As an impactit is known to affect confidentiality, integrity, andavailability.Upgrading toversion 5.8.0 eliminates this vulnerability.
Jupyter Core isa package forthe corecommon functionalityof Jupyterprojects. When usingJupyter Coreprior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched forconfiguration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration filesaffecting other users.Only sharedWindows systems with multiple usersandunprotected `%PROGRAMDATA%` are affected.Users should upgrade to Jupyter Core version 5.8.0 orlater to receive a patch.Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA% jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).
Jupyter Core isa package forthe corecommon functionalityof Jupyterprojects. When usingJupyter Coreprior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched forconfiguration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration filesaffecting other users.Only sharedWindows systems with multiple usersandunprotected `%PROGRAMDATA%` are affected.Users should upgrade to Jupyter Core version 5.8.0 orlater to receive a patch.Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA% jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).
A vulnerabilityclassified ascriticalwas found in JupyterCore up to5.7.x on Windows.Themanipulationof the argument SYSTEM_CONFIG_PATH/SYSTEM_JUPYTER_PATH with an unknown input leads to aunknown weakness. The CWE definition for the vulnerability is CWE-427. The product uses a fixed or controlled search pathto find resources, butone or morelocations in that path can be underthecontrol of unintended actors.As an impactit is known to affect confidentiality, integrity, andavailability.Upgrading toversion 5.8.0 eliminates this vulnerability.
A vulnerabilityclassified ascriticalwas found in JupyterCore up to5.7.x on Windows.Themanipulationof the argument SYSTEM_CONFIG_PATH/SYSTEM_JUPYTER_PATH with an unknown input leads to aunknown weakness. The CWE definition for the vulnerability is CWE-427. The product uses a fixed or controlled search pathto find resources, butone or morelocations in that path can be underthecontrol of unintended actors.As an impactit is known to affect confidentiality, integrity, andavailability.Upgrading toversion 5.8.0 eliminates this vulnerability.
Jupyter Core isa package forthe corecommon functionalityof Jupyterprojects. When usingJupyter Coreprior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched forconfiguration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration filesaffecting other users.Only sharedWindows systems with multiple usersandunprotected `%PROGRAMDATA%` are affected.Users should upgrade to Jupyter Core version 5.8.0 orlater to receive a patch.Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA% jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).
Jupyter Core isa package forthe corecommon functionalityof Jupyterprojects. When usingJupyter Coreprior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched forconfiguration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration filesaffecting other users.Only sharedWindows systems with multiple usersandunprotected `%PROGRAMDATA%` are affected.Users should upgrade to Jupyter Core version 5.8.0 orlater to receive a patch.Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA% jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).
A vulnerabilityclassified ascriticalwas found in JupyterCore up to5.7.x on Windows.Themanipulationof the argument SYSTEM_CONFIG_PATH/SYSTEM_JUPYTER_PATH with an unknown input leads to aunknown weakness. The CWE definition for the vulnerability is CWE-427. The product uses a fixed or controlled search pathto find resources, butone or morelocations in that path can be underthecontrol of unintended actors.As an impactit is known to affect confidentiality, integrity, andavailability.Upgrading toversion 5.8.0 eliminates this vulnerability.
A vulnerabilityclassified ascriticalwas found in JupyterCore up to5.7.x on Windows.Themanipulationof the argument SYSTEM_CONFIG_PATH/SYSTEM_JUPYTER_PATH with an unknown input leads to aunknown weakness. The CWE definition for the vulnerability is CWE-427. The product uses a fixed or controlled search pathto find resources, butone or morelocations in that path can be underthecontrol of unintended actors.As an impactit is known to affect confidentiality, integrity, andavailability.Upgrading toversion 5.8.0 eliminates this vulnerability.
Jupyter Core isa package forthe corecommon functionalityof Jupyterprojects. When usingJupyter Coreprior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched forconfiguration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration filesaffecting other users.Only sharedWindows systems with multiple usersandunprotected `%PROGRAMDATA%` are affected.Users should upgrade to Jupyter Core version 5.8.0 orlater to receive a patch.Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA% jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).
Jupyter Core isa package forthe corecommon functionalityof Jupyterprojects. When usingJupyter Coreprior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched forconfiguration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration filesaffecting other users.Only sharedWindows systems with multiple usersandunprotected `%PROGRAMDATA%` are affected.Users should upgrade to Jupyter Core version 5.8.0 orlater to receive a patch.Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA% jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).
A vulnerabilityclassified ascriticalwas found in JupyterCore up to5.7.x on Windows.Themanipulationof the argument SYSTEM_CONFIG_PATH/SYSTEM_JUPYTER_PATH with an unknown input leads to aunknown weakness. The CWE definition for the vulnerability is CWE-427. The product uses a fixed or controlled search pathto find resources, butone or morelocations in that path can be underthecontrol of unintended actors.As an impactit is known to affect confidentiality, integrity, andavailability.Upgrading toversion 5.8.0 eliminates this vulnerability.
A vulnerabilityclassified ascriticalwas found in JupyterCore up to5.7.x on Windows.Themanipulationof the argument SYSTEM_CONFIG_PATH/SYSTEM_JUPYTER_PATH with an unknown input leads to aunknown weakness. The CWE definition for the vulnerability is CWE-427. The product uses a fixed or controlled search pathto find resources, butone or morelocations in that path can be underthecontrol of unintended actors.As an impactit is known to affect confidentiality, integrity, andavailability.Upgrading toversion 5.8.0 eliminates this vulnerability.
Jupyter Core isa package forthe corecommon functionalityof Jupyterprojects. When usingJupyter Coreprior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched forconfiguration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration filesaffecting other users.Only sharedWindows systems with multiple usersandunprotected `%PROGRAMDATA%` are affected.Users should upgrade to Jupyter Core version 5.8.0 orlater to receive a patch.Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA% jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).
Jupyter Core isa package forthe corecommon functionalityof Jupyterprojects. When usingJupyter Coreprior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched forconfiguration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration filesaffecting other users.Only sharedWindows systems with multiple usersandunprotected `%PROGRAMDATA%` are affected.Users should upgrade to Jupyter Core version 5.8.0 orlater to receive a patch.Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA% jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).
A vulnerabilityclassified ascriticalwas found in JupyterCore up to5.7.x on Windows.Themanipulationof the argument SYSTEM_CONFIG_PATH/SYSTEM_JUPYTER_PATH with an unknown input leads to aunknown weakness. The CWE definition for the vulnerability is CWE-427. The product uses a fixed or controlled search pathto find resources, butone or morelocations in that path can be underthecontrol of unintended actors.As an impactit is known to affect confidentiality, integrity, andavailability.Upgrading toversion 5.8.0 eliminates this vulnerability.
A vulnerabilityclassified ascriticalwas found in JupyterCore up to5.7.x on Windows.Themanipulationof the argument SYSTEM_CONFIG_PATH/SYSTEM_JUPYTER_PATH with an unknown input leads to aunknown weakness. The CWE definition for the vulnerability is CWE-427. The product uses a fixed or controlled search pathto find resources, butone or morelocations in that path can be underthecontrol of unintended actors.As an impactit is known to affect confidentiality, integrity, andavailability.Upgrading toversion 5.8.0 eliminates this vulnerability.
Jupyter Core isa package forthe corecommon functionalityof Jupyterprojects. When usingJupyter Coreprior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched forconfiguration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration filesaffecting other users.Only sharedWindows systems with multiple usersandunprotected `%PROGRAMDATA%` are affected.Users should upgrade to Jupyter Core version 5.8.0 orlater to receive a patch.Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA% jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).
Jupyter Core isa package forthe corecommon functionalityof Jupyterprojects. When usingJupyter Coreprior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched forconfiguration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration filesaffecting other users.Only sharedWindows systems with multiple usersandunprotected `%PROGRAMDATA%` are affected.Users should upgrade to Jupyter Core version 5.8.0 orlater to receive a patch.Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA% jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).
A vulnerabilityclassified ascriticalwas found in JupyterCore up to5.7.x on Windows.Themanipulationof the argument SYSTEM_CONFIG_PATH/SYSTEM_JUPYTER_PATH with an unknown input leads to aunknown weakness. The CWE definition for the vulnerability is CWE-427. The product uses a fixed or controlled search pathto find resources, butone or morelocations in that path can be underthecontrol of unintended actors.As an impactit is known to affect confidentiality, integrity, andavailability.Upgrading toversion 5.8.0 eliminates this vulnerability.
A vulnerabilityclassified ascriticalwas found in JupyterCore up to5.7.x on Windows.Themanipulationof the argument SYSTEM_CONFIG_PATH/SYSTEM_JUPYTER_PATH with an unknown input leads to aunknown weakness. The CWE definition for the vulnerability is CWE-427. The product uses a fixed or controlled search pathto find resources, butone or morelocations in that path can be underthecontrol of unintended actors.As an impactit is known to affect confidentiality, integrity, andavailability.Upgrading toversion 5.8.0 eliminates this vulnerability.
Jupyter Core isa package forthe corecommon functionalityof Jupyterprojects. When usingJupyter Coreprior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched forconfiguration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration filesaffecting other users.Only sharedWindows systems with multiple usersandunprotected `%PROGRAMDATA%` are affected.Users should upgrade to Jupyter Core version 5.8.0 orlater to receive a patch.Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA% jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).
