CVE-2019-10255

EUVD-2019-0436
An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
jupyterjupyterhub
𝑥
< 0.9.5
jupyternotebook
𝑥
< 5.7.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
jupyter-notebook
bookworm
6.4.12-2.2
fixed
bullseye
6.2.0-1
fixed
sid
6.4.13-2
fixed
stretch
no-dsa
trixie
6.4.13-2
fixed
jupyterhub
bookworm
3.0.0+ds1-1
fixed
sid
5.0.0+ds1-4
fixed
stretch
no-dsa
trixie
5.0.0+ds1-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jupyter-notebook
bionic
Fixed 5.2.2-1ubuntu0.1
released
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4
https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb
https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b
https://github.com/jupyter/notebook/commit/d65328d4841892b412aef9015165db1eb029a8ed
https://github.com/jupyter/notebook/compare/05aa4b2...16cf97c
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7D/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMDPJBVXOVO6LYGAT46VZNHH6JKSCURO/
https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4
https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb
https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b
https://github.com/jupyter/notebook/commit/d65328d4841892b412aef9015165db1eb029a8ed
https://github.com/jupyter/notebook/compare/05aa4b2...16cf97c
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7D/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMDPJBVXOVO6LYGAT46VZNHH6JKSCURO/