Vulnerability Description
Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jupyter | Jupyter Server | < 1.0.6 |
Related Weaknesses (CWE)
References
- https://github.com/jupyter-server/jupyter_server/blob/master/CHANGELOG.md#106---Release NotesThird Party Advisory
- https://github.com/jupyter-server/jupyter_server/commit/3d83e49090289c431da253e2PatchThird Party Advisory
- https://github.com/jupyter/jupyter_server/security/advisories/GHSA-grfj-wjv9-4f9Third Party Advisory
- https://github.com/jupyter-server/jupyter_server/blob/master/CHANGELOG.md#106---Release NotesThird Party Advisory
- https://github.com/jupyter-server/jupyter_server/commit/3d83e49090289c431da253e2PatchThird Party Advisory
- https://github.com/jupyter/jupyter_server/security/advisories/GHSA-grfj-wjv9-4f9Third Party Advisory
FAQ
What is CVE-2020-26232?
CVE-2020-26232 is a vulnerability with a CVSS score of 4.1 (MEDIUM). Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are techni...
How severe is CVE-2020-26232?
CVE-2020-26232 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-26232?
Check the references section above for vendor advisories and patch information. Affected products include: Jupyter Jupyter Server.