CVE-2020-26232

Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.1 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
GitHub_MCNA
4.1 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
jupyterjupyter_server
𝑥
< 1.0.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
jupyter-server
bullseye
1.2.2-1
fixed
bookworm
1.23.3-1
fixed
sid
2.14.2-4
fixed
trixie
2.14.2-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jupyter-server
groovy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://github.com/jupyter-server/jupyter_server/blob/master/CHANGELOG.md#106---2020-11-18
https://github.com/jupyter-server/jupyter_server/commit/3d83e49090289c431da253e2bdb8dc479cbcb157
https://github.com/jupyter/jupyter_server/security/advisories/GHSA-grfj-wjv9-4f9v
https://github.com/jupyter-server/jupyter_server/blob/master/CHANGELOG.md#106---2020-11-18
https://github.com/jupyter-server/jupyter_server/commit/3d83e49090289c431da253e2bdb8dc479cbcb157
https://github.com/jupyter/jupyter_server/security/advisories/GHSA-grfj-wjv9-4f9v