Cyber Resilience

CVE-2024-28188

Medium

Published: 23 May 2024

Published
23 May 2024
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score 0.0018 39.4th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-28188 is a medium-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability. Its CVSS base score is 5.3 (Medium).

Operationally, ranked at the 39.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Jupyter Scheduler is collection of extensions for programming jobs to run now or run on a schedule. The list of conda environments of `jupyter-scheduler` users maybe be exposed, potentially revealing information about projects that a specific user may be working…

more

on. This vulnerability has been patched in version(s) 1.1.6, 1.2.1, 1.8.2 and 2.5.2.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-200 CWE-287

Literacy training teaches users to recognize and avoid actions that result in unauthorized exposure of sensitive information.

addresses: CWE-200 CWE-287

Session auditing enables detection of unauthorized exposure or access to sensitive information during user activities.

addresses: CWE-200 CWE-287

Audit record review and analysis can detect unauthorized exposure or access to sensitive information.

addresses: CWE-287 CWE-200

Penetration testing probes authentication mechanisms for bypasses, allowing identification and fixing of improper authentication issues.

addresses: CWE-200 CWE-287

The integrated analysis team enables faster detection and containment of incidents involving unauthorized exposure of sensitive information, limiting attacker success in exploiting such weaknesses.

addresses: CWE-287 CWE-200

Security architectures must specify authentication requirements and approaches, making systemic authentication weaknesses harder to introduce.

addresses: CWE-200 CWE-287

Trained staff understand data-handling requirements and are less likely to expose sensitive information through misconfiguration or poor design.

addresses: CWE-287 CWE-200

Hunting detects anomalous authentication patterns or successful bypasses that allow persistent unauthorized entry.

References