CVE-2020-26215
Open redirect in Jupyter Notebook
Exploited in Wild: 0
Decision: -
Descriptions
Jupyter Notebook before version 6.1.5 has an open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected; however, these maliciously crafted links can only reasonably be made for known notebook server hosts. A link to your notebook server may appear safe but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.
SSVC
- Decision: -
Timeline
- 2020-10-01 CVE Reserved
- 2020-11-18 CVE Published
- 2024-08-04 CVE Updated
- 2024-09-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
References (3)
URL | Tag | Source |
---|---|---|
https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2020/12/msg00004.html | Mailing List | |

URL | Date | SRC |
---|---|---|
https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74 | 2020-12-03 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Jupyter | Notebook | < 6.1.5 | - | Affected |
Debian | Debian Linux | 9.0 | - | Affected |