
Access Control: Jupyter Notebook - Remote Command Execution

Identifier: jupyter_notebook_rce

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Jupyter Notebook interfaces may be exposed without proper authentication, allowing attackers to execute arbitrary code through the notebook API or terminal endpoints.

How we test: We attempt to access Jupyter Notebook API endpoints and terminal interfaces to detect if they are exposed without authentication. If accessible, we test for remote command execution vulnerabilities that could allow attackers to run arbitrary code on the server.
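On the server side, the same exposure can be caught before deployment by auditing the Jupyter configuration file. The following is an added example, not part of the scanner or of Jupyter: it assumes a Python-style config file using the c.NotebookApp / c.ServerApp options, and both sample configurations are constructed.

```python
import re

# Matches lines such as: c.ServerApp.token = ''   # comment
ASSIGN = re.compile(r"^\s*c\.(?:NotebookApp|ServerApp)\.(\w+)\s*=\s*(.+?)\s*(?:#.*)?$")
EMPTY = ("''", '""')

# Constructed sample: authentication switched off and bound to every interface.
WEAK_CONFIG = """
c.NotebookApp.ip = '0.0.0.0'
c.NotebookApp.token = ''      # disables token authentication
c.NotebookApp.password = ''
"""

# Constructed sample: loopback only, password set (placeholder hash), terminals off.
HARDENED_CONFIG = """
c.ServerApp.ip = '127.0.0.1'
c.ServerApp.password = 'argon2:<hashed-password-placeholder>'
c.ServerApp.terminals_enabled = False
"""

def parse_settings(config_text):
    """Return {option: raw value}, keeping the last assignment of each option."""
    settings = {}
    for line in config_text.splitlines():
        match = ASSIGN.match(line)  # commented-out lines do not match
        if match:
            settings[match.group(1)] = match.group(2)
    return settings

def audit(config_text):
    """Return finding codes for settings that expose the server without authentication."""
    s = parse_settings(config_text)
    findings = []
    # An unset token is auto-generated at startup; only an explicit empty string disables it.
    token_off = s.get("token") in EMPTY
    password_set = s.get("password", "''") not in EMPTY
    auth_disabled = token_off and not password_set
    if auth_disabled:
        findings.append("AUTH_DISABLED")
    if s.get("ip", "'localhost'").strip("'\"") in ("0.0.0.0", "*", "::"):
        findings.append("ALL_INTERFACES")
    # Terminals are enabled by default when available, so no auth also means an open shell.
    if auth_disabled and s.get("terminals_enabled", "True") != "False":
        findings.append("TERMINALS_UNAUTHENTICATED")
    return findings

if __name__ == "__main__":
    print("weak:", audit(WEAK_CONFIG))
    print("hardened:", audit(HARDENED_CONFIG))
```

Command-line flags and environment variables can override the file, so a clean result here does not replace checking the running service.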

Reference:

Configuration

Example

Example configuration:

---
security_tests:
  jupyter_notebook_rce:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.