CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jupyter Server before version 1.0.6 has an open redirect vulnerability. A maliciously crafted link to a Jupyter server could redirect the browser to a different website. All Jupyter servers are technically affected; however, these maliciously crafted links can only be reasonably made for known Jupyter server hosts. A link to your Jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet.

• https://github.com/jupyter-server/jupyter_server/blob/master/CHANGELOG.md#106---2020-11-18
• https://github.com/jupyter-server/jupyter_server/commit/3d83e49090289c431da253e2bdb8dc479cbcb157
• https://github.com/jupyter/jupyter_server/security/advisories/GHSA-grfj-wjv9-4f9v
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 6.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

Jupyter Notebook before version 6.1.5 has an open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected; however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.

• https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74
• https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh
• https://lists.debian.org/debian-lts-announce/2020/12/msg00004.html
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document.

• https://github.com/jupyter/notebook/pull/3341
• https://github.com/jupyter/notebook/releases/tag/5.5.0
• https://lists.debian.org/debian-lts-announce/2020/11/msg00033.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-863: Incorrect Authorization

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255.

• https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4
• https://github.com/jupyter/notebook/compare/16cf97c...b8e30ea
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 6.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

An open redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.

• https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4
• https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb
• https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b
• https://github.com/jupyter/notebook/commit/d65328d4841892b412aef9015165db1eb029a8ed
• https://github.com/jupyter/notebook/compare/05aa4b2...16cf97c
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UP5RLEES2JBBNSNLBR65XM6PCD4EMF7D
• https://lists.fedoraproject.org/archive
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')