CVE-2020-26215

Published: 18 November 2020

Jupyter Notebook before version 6.1.5 has an open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected; however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.

Priority

Medium

CVSS 3 Severity Score

6.1

Status

Package Release Status
jupyter-notebook bionic Released (5.2.2-1ubuntu0.1)
jupyter-notebook focal Released (6.0.3-2ubuntu0.1)
jupyter-notebook groovy Ignored (reached end-of-life)
jupyter-notebook hirsute Not vulnerable (6.1.5-1ubuntu1)
jupyter-notebook impish Not vulnerable (6.1.5-1ubuntu1)
jupyter-notebook jammy Not vulnerable (6.1.5-1ubuntu1)
jupyter-notebook precise Does not exist
jupyter-notebook trusty Does not exist
jupyter-notebook upstream Released (4.2.3-4+deb9u2, 6.1.5-1)
jupyter-notebook xenial Does not exist

Patches:
upstream: https://github.com/jupyter/notebook/commit/2e1c56b0c4a903606d4a2eb13e32409296b9799d
upstream: https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74

Severity score breakdown

Parameter Value
Base score 6.1
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Changed
Confidentiality Low
Integrity impact Low
Availability impact None
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N