CVE-2020-26232
Open redirect in Jupyter Server
Descriptions
Jupyter Server before version 1.0.6 has an open redirect vulnerability. A maliciously crafted link to a Jupyter server could redirect the browser to a different website. All Jupyter servers are technically affected; however, these maliciously crafted links can only be reasonably made for known Jupyter server hosts. A link to your Jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet.
Timeline
- 2020-10-01 CVE Reserved
- 2020-11-24 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
References (3)
URL | Tag | Source |
---|---|---|
https://github.com/jupyter-server/jupyter_server/blob/master/CHANGELOG.md#106---2020-11-18 | Release Notes | |
https://github.com/jupyter/jupyter_server/security/advisories/GHSA-grfj-wjv9-4f9v | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://github.com/jupyter-server/jupyter_server/commit/3d83e49090289c431da253e2bdb8dc479cbcb157 | 2020-12-02 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Jupyter | Jupyter Server | < 1.0.6 | - | Affected |