Vulnerability Found In Coursera Jupyter | Coursera Community
Coursera Header

Vulnerability Found In Coursera Jupyter

  • 27 August 2019
  • 6 replies

  • Anonymous
  • 0 replies
Coursera Added New Feature For University Of Michingan, I founded a vulnerability here is the proof

i can execute any command i once the subprocess module is loaded,

6 replies

Hi @DanielOX,

Jupyter Notebooks are a third party tool. It has been integrated with Coursera courses to enable learners to do programming assignments. So if this vulnerability is related to the structure of the tool, perhaps it would be better to report it to the provider:

Coursera takes all possible steps to protect the security of information shared with third-party tools. However, the third-party tool provider is ultimately responsible for the security and functionality of the tool itself.

But if this is something related to a particular assignment in a course environment, you would need to inform the course instructor and/or the teaching staff.

All the best.
@Maryam how one can delete the post here, i dont see any delete button here
Why does it hurt to be able to execute Any command? Elaborate. It's virtual you have elevated permissions. It's not like you can shut down their server or pull info about other computers on their network..... or username and emails? What malicious thing can you possibly execute? So what exactly is the vulnerability? I'm misunderstanding. O
@Maryam how one can delete the post here, i dont see any delete button here

Yes, this option is not available. The members cannot delete their threads and replies. Only the Community Managers (Laura and Claire) can do this.
Your thread is a good one which will do harm to no one. So deletion is not really needed. Of course, this is my personal opinion. 🙂
Userlevel 7
Badge +9
I've checked with our team and all Jupyter Notebooks are sandboxed to an individual learner so there is no code that you can execute that would affect anything outside of your own work.
Userlevel 1
Badge +2
you are provided with what you call virtual environment which means that you don't have access except for your provided area. you can even do this with your installed anaconda on your computer. people do this if they are using shared resource and if they want to test upgrades/packages which might cause problems if installed on the whole system.