GitHub_MCVELIST:CVE-2023-39968CVE-2023-39968 Open Redirect Vulnerability in jupyter-server
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.5%
jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit 29036259 which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CNA Affected
[
{
"vendor": "jupyter-server",
"product": "jupyter_server",
"versions": [
{
"version": "< 2.7.2",
"status": "affected"
}
]
}
]References
github.com/jupyter-server/jupyter_server/commit/290362593b2ffb23c59f8114d76f77875de4b925
github.com/jupyter-server/jupyter_server/security/advisories/GHSA-r726-vmfq-j9j3
lists.fedoraproject.org/archives/list/[email protected]/message/NRP7DNZYVOIA4ZB3U3ZWKTFZEPYWNGCQ/
lists.fedoraproject.org/archives/list/[email protected]/message/XDKQAWQN6SQTOVACZNXYKEHWQXGG4DOF/
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.5%