CVE-2023-39968
Open Redirect Vulnerability in jupyter-server
Public Exploits: 0
Exploited in Wild: -
Description
jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259` which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
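The class of bug described above is a post-login `next`/redirect parameter that is not confined to the server's own URLs. The following is an added illustration of the defensive check a server-side login handler needs, written for this page; it is not jupyter-server's code and not the fix in commit 29036259. The function name `safe_next_url` and the `base_url` parameter are assumptions.

```python
# Added example (not jupyter-server's own code): confine a post-login "next"
# redirect target to paths served by this server, mitigating CWE-601.
from urllib.parse import urlsplit, urlunsplit


def safe_next_url(next_url: str, base_url: str = "/") -> str:
    """Return next_url if it is a server-local path under base_url, else base_url.

    Rejects absolute URLs (any scheme or host), protocol-relative "//host" forms,
    backslashes (browsers normalise "\\" to "/"), control characters, ".."
    segments, and paths that leave the base_url prefix.
    """
    if not next_url:
        return base_url

    # Browsers treat "\" like "/" in URLs, so "/\evil.example" would become
    # "//evil.example" after redirection. Normalise before inspecting.
    candidate = next_url.replace("\\", "/")

    # Whitespace or control characters are never part of a legitimate local path.
    if any(ord(c) < 0x21 for c in candidate):
        return base_url

    # Anything starting with "//" is protocol-relative or ambiguous ("///host").
    if candidate.startswith("//"):
        return base_url

    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return base_url  # "https://evil.example/", "javascript:..." etc.

    path = parts.path
    if not path.startswith("/") or ".." in path.split("/"):
        return base_url

    # Stay inside the server's base_url prefix (e.g. "/jupyter/").
    if not (path == base_url.rstrip("/") or path.startswith(base_url)):
        return base_url

    # Rebuild with no scheme/host so the result is always a same-server path.
    return urlunsplit(("", "", path, parts.query, parts.fragment))
```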
SSVC
- Decision: Track
Timeline
- 2023-08-07 CVE Reserved
- 2023-08-28 CVE Published
- 2024-09-29 EPSS Updated
- 2024-09-30 CVE Updated
- Exploited in Wild: not recorded
- KEV Due Date: not recorded
- First Exploit: not recorded
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
References (4)
URL | Date | SRC
---|---|---
https://github.com/jupyter-server/jupyter_server/commit/290362593b2ffb23c59f8114d76f77875de4b925 | 2023-09-15 |
https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-r726-vmfq-j9j3 | 2023-09-15 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Jupyter | Jupyter Server | < 2.7.2 | - | Affected