id: jupyter-ipython-unauth info: name: Jupyter ipython - Authorization Bypass author: pentest_swissky severity: critical description: Jupyter was able to be accessed without authentication. classification: cvss-score: 10.0 cvss-metrics: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cwe-id: CWE-288 tags: unauth,jupyter metadata: max-request: 1 http: - method: GET path: - "{{BaseURL}}/ipython/tree" matchers-condition: and matchers: - type: status status: - 200 - type: word words: - ipython/static/components - ipython/kernelspecs part: body # Enhanced by mp on 2022/05/20