Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM4F089DD08EF78A9FA189847A9CF7197942AF4B08AF49A1F75E03ACBBC1005AE7
HistoryJul 03, 2019 - 4:15 p.m.

Security Bulletin: Jupyter vulnerabilities affect IBM Spectrum Conductor 2.3 and IBM Spectrum Conductor with Spark 2.2.1

2019-07-0316:15:01
www.ibm.com
6

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

JSON

Summary

There are multiple vulnerabilities in the Jupyter notebook used by IBM Spectrum Conductor with Spark 2.2.1 and IBM Spectrum Conductor 2.3.0. IBM Spectrum Conductor has addressed the applicable CVEs.

Vulnerability Details

CVE-ID: CVE-2019-9644 Description: Jupyter Notebook could allow a remote attacker to obtain sensitive information, caused by a cross-site inclusion flaw. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 6.5
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/158122&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVE-ID: CVE-2019-10255 Description: Jupyter Notebook and JupyterHub could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base Score: 7.4
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/160618&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)

CVE-ID: CVE-2019-10856 Description: Jupyter Notebook and JupyterHub could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base Score: 7.4
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/160049&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)

Affected Products and Versions

IBM Spectrum Conductor 2.3.0

IBM Spectrum Conductor with Spark 2.2.1

Remediation/Fixes

Download the interim fixes that correspond to your product version from IBM Fix Central, then follow the steps in the accompanying readme to apply the interim fix on Linux x86_64 hosts in your cluster:

IBM Spectrum Conductor 2.3.0 sc-2.3-build521530
IBM Spectrum Conductor 2.2.1 cws-2.2.1-build521531

Workarounds and Mitigations

None

Related

osv 10
veracode 3
prion 3
cvelist 3
cve 3
ubuntucve 3
github 4
debiancve 3
nessus 4
fedora 2
openvas 3
ubuntu 1
freebsd 1
mageia 1
osv
osv
CVE-2019-10856
2019-04-04 16:29:03
Jupyter Notebook open redirect vulnerability
2019-04-09 19:47:27
PYSEC-2019-158
2019-04-04 16:29:00
veracode
veracode
Open Redirect
2019-04-05 04:57:28
Open Redirect
2019-04-01 05:31:26
Cross-Site Script Inclusion (XSSI)
2019-03-13 00:54:04
prion
prion
Open redirect
2019-04-04 16:29:00
Open redirect
2019-03-28 16:29:00
Cross site scripting
2019-03-12 09:29:00
cvelist
cvelist
CVE-2019-10856
2019-04-04 15:48:33
CVE-2019-10255
2019-03-28 15:30:39
CVE-2019-9644
2019-03-12 06:00:00
cve
cve
CVE-2019-10856
2019-04-04 16:29:00
CVE-2019-10255
2019-03-28 16:29:00
CVE-2019-9644
2019-03-12 09:29:00
ubuntucve
ubuntucve
CVE-2019-10856
2019-04-04 00:00:00
CVE-2019-10255
2019-03-28 00:00:00
CVE-2019-9644
2019-03-12 00:00:00
github
github
Jupyter Notebook open redirect vulnerability
2019-04-09 19:47:27
Open Redirect vulnerability in jupyterhub and notebook
2019-04-02 15:46:54
Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
2022-05-14 01:10:43
debiancve
debiancve
CVE-2019-10856
2019-04-04 16:29:00
CVE-2019-10255
2019-03-28 16:29:00
CVE-2019-9644
2019-03-12 09:29:00
nessus
nessus
Fedora 30 : python-notebook (2019-a6e1287e76)
2019-05-02 00:00:00
Fedora 29 : python-notebook (2019-9e67979b2a)
2019-04-12 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Jupyter Notebook vulnerabilities (USN-5585-1)
2022-08-30 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: python-notebook-5.7.8-1.fc30
2019-04-08 00:02:04
[SECURITY] Fedora 29 Update: python-notebook-5.7.8-1.fc29
2019-04-12 01:16:26
openvas
openvas
Fedora Update for python-notebook FEDORA-2019-9e67979b2a
2019-05-07 00:00:00
Ubuntu: Security Advisory (USN-5585-1)
2022-08-31 00:00:00
Mageia: Security Advisory (MGASA-2022-0323)
2022-09-12 00:00:00
ubuntu
ubuntu
Jupyter Notebook vulnerabilities
2022-08-30 00:00:00
freebsd
freebsd
Jupyter notebook -- open redirect vulnerability
2019-03-28 00:00:00
mageia
mageia
Updated jupyter-notebook packages fix security vulnerability
2022-09-10 23:26:43

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

JSON
Related for 4F089DD08EF78A9FA189847A9CF7197942AF4B08AF49A1F75E03ACBBC1005AE7
osv10veracode3prion3cvelist3cve3ubuntucve3github4debiancve3nessus4fedora2openvas3ubuntu1freebsd1mageia1