CVE-2019-10255 — Open Redirect in JupyterHub
Severity
6.1 MEDIUM (NVD)
EPSS
0.5%
top 35.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 28
Latest update: Jul 21
Description
An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7
Affected Packages: 4 packages
Patches
Bugzilla
CVE-2019-10255 python-notebook: Open redirect vulnerability in the login page [fedora-all] (2019-03-30)