CVE-2019-10255
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.
Una vulnerabilidad de redirección abierta para todos los navegadores en Jupyter Notebook, en versiones anteriores a la 5.7.7, y en algunos navegadores (Chrome, Firefox) en JupyterHub, en versiones anteriores a la 0.9.5, permite que los enlaces manipulados accedan a la página de inicio de sesión, lo que redirigirá a un sitio malicioso después de un inicio de sesión exitoso. No se ven afectados los servidores que ejecutan un prefijo "base_url".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-03-28 CVE Reserved
- 2019-03-28 CVE Published
- 2024-08-04 CVE Updated
- 2024-10-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (7)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Jupyter Search vendor "Jupyter" | Jupyterhub Search vendor "Jupyter" for product "Jupyterhub" | < 0.9.5 Search vendor "Jupyter" for product "Jupyterhub" and version " < 0.9.5" | - |
Affected
| ||||||
Jupyter Search vendor "Jupyter" | Notebook Search vendor "Jupyter" for product "Notebook" | < 5.7.7 Search vendor "Jupyter" for product "Notebook" and version " < 5.7.7" | - |
Affected
|