Jupyter Core Uncontrolled Search Path Element Local Privilege Escalation Vulnerability on Windows

Vulnerability

A local privilege escalation vulnerability affects Jupyter Core (jupyter_core) versions prior to 5.8.0 on Windows. On that platform jupyter_core includes the shared %PROGRAMDATA%\jupyter directory in its search path for configuration files. In a default Windows installation standard users can create files and subdirectories under %PROGRAMDATA%, and whoever creates %PROGRAMDATA%\jupyter first owns it, so a low-privileged user can plant configuration that every other user's Jupyter processes will load. Only shared Windows systems with multiple users and an unprotected %PROGRAMDATA% directory are affected; single-user machines and hosts where %PROGRAMDATA%\jupyter is already locked down are not.

Impact

Jupyter configuration files may be Python modules (jupyter_config.py, jupyter_*_config.py) that are executed when a Jupyter application starts, so configuration planted in %PROGRAMDATA%\jupyter runs with the privileges of whichever user next launches Jupyter. On a shared host this gives the attacker code execution as other users, including administrators, and therefore elevated rights on the system.

Remediation

Upgrade to jupyter_core 5.8.1 or later. Version 5.8.0 also contains the fix, but it has a compatibility issue with Jupyter Server that 5.8.1 resolves, so Jupyter Server users should go straight to 5.8.1. Where upgrading is not immediately possible, administrators can instead restrict write access to the %PROGRAMDATA% directory, pre-create %PROGRAMDATA%\jupyter with permissions that allow only administrators to write, or point the %PROGRAMDATA% environment variable at a directory with appropriate permissions (this last option affects every application that reads %PROGRAMDATA%, so test it before rolling it out). Upgrading removes the exposure but does not remove anything already planted: check %PROGRAMDATA%\jupyter for files owned by untrusted users before trusting it again.
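The following PowerShell script is an added example for the workaround above; it is not code from the jupyter_core project or from the original advisory. It assumes that the directory jupyter_core searches is %PROGRAMDATA%\jupyter, that only the local Administrators group and SYSTEM should be able to write there, and that the "python" on PATH is the interpreter Jupyter runs under. Run it from an elevated prompt: it audits the shared directory for writable ACEs and files owned by untrusted principals, hardens the ACL using well-known SIDs, and asks the installed jupyter_core which directories it actually reads configuration from.

```powershell
# Added example, not code from the jupyter_core project: audit and harden the shared
# Jupyter configuration directory on a multi-user Windows host. Run elevated.
# Assumptions (not stated in the advisory): jupyter_core searches %PROGRAMDATA%\jupyter,
# and only Administrators and SYSTEM should be able to write there.

$SharedJupyter = Join-Path $env:ProgramData 'jupyter'

# Principals allowed to own or write shared configuration (assumption for this host).
$TrustedPrincipals = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')

# Access-mask bits that let a principal plant or alter files: FILE_WRITE_DATA/FILE_ADD_FILE,
# FILE_APPEND_DATA/FILE_ADD_SUBDIRECTORY, DELETE, WRITE_DAC, WRITE_OWNER, plus the
# GENERIC_WRITE and GENERIC_ALL bits that inherited ACEs are often stored with.
$WriteMask = 0x00000002 -bor 0x00000004 -bor 0x00010000 -bor 0x00040000 -bor 0x00080000 `
    -bor 0x40000000 -bor 0x10000000

function Test-SharedJupyterDirectory {
    # Returns $true when no untrusted principal can write to $Path and nothing inside it
    # is owned by an untrusted principal; each finding is emitted as a warning.
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        # Standard users can create subdirectories under %PROGRAMDATA% by default, so a
        # missing directory is itself a finding: whoever creates it first owns it.
        Write-Warning "$Path does not exist; a standard user could create it and seed config for everyone"
        return $false
    }

    $clean = $true
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        $grantsWrite = ([int]$ace.FileSystemRights -band $WriteMask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $grantsWrite -and
            $TrustedPrincipals -notcontains $ace.IdentityReference.Value) {
            Write-Warning "$($ace.IdentityReference.Value) can write to $Path ($($ace.FileSystemRights))"
            $clean = $false
        }
    }

    # Anything already present that an untrusted user owns may be planted configuration
    # (jupyter_config.py and friends are executed by the next user who starts Jupyter).
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $owner = (Get-Acl -LiteralPath $_.FullName).Owner
        if ($TrustedPrincipals -notcontains $owner) {
            Write-Warning "$($_.FullName) is owned by $owner; review it before trusting the directory"
            $clean = $false
        }
    }
    return $clean
}

function Protect-SharedJupyterDirectory {
    # Creates $Path if needed, then replaces its ACL so that only Administrators (S-1-5-32-544)
    # and SYSTEM (S-1-5-18) can write while Users (S-1-5-32-545) keep read/execute.
    # Well-known SIDs keep the command independent of the system display language.
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        New-Item -ItemType Directory -Path $Path | Out-Null
    }
    # Take ownership first so a directory pre-created by another user does not keep
    # CREATOR OWNER rights that would survive the grant below.
    & takeown.exe /F $Path /A /R /D Y | Out-Null
    & icacls.exe $Path /inheritance:r `
        /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-545:(OI)(CI)RX' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }
}

function Get-JupyterConfigSearchPath {
    # Ask the installed jupyter_core (real API: jupyter_core.paths.jupyter_config_path) which
    # directories it reads configuration from, so you can confirm what the version you are
    # running actually searches. Assumes "python" on PATH is the interpreter Jupyter uses.
    & python -c 'import jupyter_core; from jupyter_core.paths import jupyter_config_path; print("jupyter_core", jupyter_core.__version__); print("\n".join(jupyter_config_path()))'
}

# Usage: audit, harden, re-audit, then show the live search path. Findings from the first
# audit still need a human decision: hardening stops new files from being planted and
# takeown changes their owner, but nothing here deletes files that are already there.
Test-SharedJupyterDirectory -Path $SharedJupyter
Protect-SharedJupyterDirectory -Path $SharedJupyter
Test-SharedJupyterDirectory -Path $SharedJupyter
Get-JupyterConfigSearchPath
```

Review the warnings from the first audit before running the hardening step: once takeown has run, files planted by another user are owned by Administrators and the second audit will no longer flag them, so the first audit's output is the only record of who put them there.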

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 0.6
exploitability: 3.3
remediation: 8.3
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.