cvelist GitHub_M CVELIST:CVE-2020-26232
History: Nov 24, 2020 - 9:10 p.m.

CVE-2020-26232 Open redirect in Jupyter Server

2020-11-24 21:10:14
CWE-601
GitHub_M
www.cve.org
open redirect vulnerability
jupyter server
maliciously crafted link
spoofed server

CVSS3: 4.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

AI Score: 5.3 (Confidence: High)

EPSS: 0.001 (Percentile: 25.8%)

Jupyter Server before version 1.0.6 has an open redirect vulnerability. A maliciously crafted link to a Jupyter server could redirect the browser to a different website. All Jupyter servers are technically affected; however, these maliciously crafted links can only be reasonably made for known Jupyter server hosts. A link to your Jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet.

CNA Affected

[
  {
    "product": "jupyter_server",
    "vendor": "jupyter",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.0.6"
      }
    ]
  }
]
