CVE-2020-26215 — Open Redirect in Notebook

CWE-601 — Open Redirect9 documents7 sources

Severity

6.1MEDIUMNVD

CNA4.4

EPSS

0.8%

top 26.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jupyter Notebook Debian Linux

Timeline

PublishedNov 18

Latest updateAug 30

Description

Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5jupyter/notebook< 6.1.5

▶NVDjupyter/notebook< 6.1.5

▶PyPIjupyter/notebook< 6.1.5

Also affects: Debian Linux 9.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

jupyter-notebook vulnerabilities↗2022-08-30

▶

OSV

Open redirect in Jupyter Notebook↗2020-11-18

▶

OSV

CVE-2020-26215: Jupyter Notebook before version 6↗2020-11-18

▶

GHSA

Open redirect in Jupyter Notebook↗2020-11-18

▶

CVEList

Open redirect in Jupyter Notebook↗2020-11-18

▶

📋Vendor Advisories

Ubuntu

Jupyter Notebook vulnerabilities↗2022-08-30

▶

Debian

CVE-2020-26215: jupyter-notebook - Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A mali...↗2020

▶

📄Research Papers

arXiv

Threat Assessment in Machine Learning based Systems↗2022-06-30

▶