VYPR
Moderate severity · NVD Advisory · Published Aug 28, 2023 · Updated Feb 13, 2025

cross-site inclusion (XSSI) of files in jupyter-server

CVE-2023-40170

Description

jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit 87a49272728 which has been included in release 2.7.2. Users are advised to upgrade. Users unable to upgrade may use the lower performance --ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler, which implements the correct checks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Jupyter Server had improper cross-site credential checks on /files/ URLs, allowing file content exposure; fixed in version 2.7.2.

Vulnerability

CVE-2023-40170 is an improper cross-site credential check vulnerability in Jupyter Server, the backend for Jupyter web applications. The issue affects /files/ URLs, where the server fails to properly validate credentials when serving files, potentially allowing unauthorized access to file contents [1].

Exploitation

An attacker can exploit this by tricking a user into opening an untrusted file using the "Open image in new tab" feature, which triggers a request to /files/ URLs. Because the credential checks are insufficient, the request may be processed with the user's credentials, exposing sensitive files [3].

Impact

Successful exploitation could lead to exposure of arbitrary file contents accessible to the Jupyter Server process. This includes configuration files, notebooks, or other data stored on the server, depending on the file system permissions [1].

Mitigation

The vulnerability is fixed in Jupyter Server version 2.7.2, which includes commit 87a49272728 that implements proper cross-site credential checks [1]. Users unable to upgrade can apply a workaround by using the lower-performance FilesHandler class: start the server with --ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler [3].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                 Affected versions   Patched versions
jupyter-server (PyPI)   < 2.7.2             2.7.2

Affected products: 4

Patches: 1
87a492727281

Merge pull request from GHSA-64x5-55rw-9974

1 file changed · +1 −0
  • jupyter_server/base/handlers.py (+1 −0, modified)
    @@ -855,6 +855,7 @@ def head(self, path):
         @authorized
         def get(self, path, **kwargs):
             """Get a file by path."""
    +        self.check_xsrf_cookie()
             if os.path.splitext(path)[1] == ".ipynb" or self.get_argument("download", None):
                 name = path.rsplit("/", 1)[-1]
                 self.set_attachment_header(name)
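Review bot: the `@@` header shows this hunk sits in the same handler as `def head(self, path)`, yet only `get` receives the new `self.check_xsrf_cookie()` call; please confirm whether `head` should mirror it, since a HEAD response still returns headers such as Content-Length to a cross-site caller even though it carries no body. Also, as the change touches a single file, a regression test that issues a cookie-authenticated GET to `/files/<path>` with a foreign Referer and expects a 403 would pin the behaviour down.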
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
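As an added illustration, not jupyter_server's own code (the real `check_xsrf_cookie` in jupyter_server/base/handlers.py is richer), the following Python models the decision the patch above introduces for GET /files/ requests: a session cookie alone does not establish where a request came from, so a token, a matching `_xsrf` double-submit value, or a same-origin Referer is required before the file is served. The function names and the header/query shapes are assumptions; the request cases are constructed.

```python
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Constructed model of the decision that the fix adds by calling
# self.check_xsrf_cookie() at the top of the GET /files/ handler.
# jupyter_server's real implementation (jupyter_server/base/handlers.py)
# is richer; names and the header/query shapes here are assumptions.

def same_origin(referer: Optional[str], host: str) -> bool:
    """True when the Referer's host:port equals the server's Host header."""
    if not referer:
        return False
    return urlsplit(referer).netloc.lower() == host.lower()

def check_files_get(headers: Dict[str, str], query: Dict[str, str],
                    host: str, xsrf_cookie: Optional[str]) -> Tuple[bool, str]:
    """Decide whether a cookie-authenticated GET /files/<path> may be served.

    Returns (allowed, reason). A browser attaches the session cookie to an
    image load from any site automatically, so the cookie by itself proves
    nothing about the origin of the request; that is the XSSI gap.
    """
    # 1. Token auth: a browser never adds Authorization or ?token= on its own
    #    to a cross-site load, so such requests need no further check.
    if headers.get("Authorization", "").startswith("token ") or "token" in query:
        return True, "token-authenticated"
    # 2. Double-submit: an _xsrf query value matching the _xsrf cookie can only
    #    be produced by same-origin script that can read that cookie.
    if xsrf_cookie and query.get("_xsrf") == xsrf_cookie:
        return True, "xsrf token matches cookie"
    # 3. For GET a same-origin Referer is accepted in place of the token;
    #    a foreign or missing Referer is refused (HTTP 403 in the handler).
    #    Skipping this step is what left /files/ exposed before 2.7.2.
    if same_origin(headers.get("Referer"), host):
        return True, "same-origin referer"
    origin = headers.get("Referer") or "unknown origin"
    return False, f"blocking cross origin request from {origin}"

if __name__ == "__main__":
    host = "localhost:8888"
    cases = {  # constructed sample requests
        "in-app link":      ({"Referer": "http://localhost:8888/lab"}, {}),
        "other-site image": ({"Referer": "https://other-site.example/page"}, {}),
        "no referer":       ({}, {}),
        "api client":       ({"Authorization": "token abc123"}, {}),
    }
    for label, (hdrs, qs) in cases.items():
        print(f"{label:18} -> {check_files_get(hdrs, qs, host, 'cookieval')}")
```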

References: 9

News mentions: 0

No linked articles in our index yet.