Open Redirect Vulnerability in Jupyter Notebook and JupyterHub
CVE-2019-10255

6.1MEDIUM

Key Information:

Vendor

Jupyter

Status
Jupyterhub
Notebook
Vendor
CVE Published:
28 March 2019

What is CVE-2019-10255?

An Open Redirect vulnerability exists in Jupyter Notebook prior to version 5.7.7 and in JupyterHub prior to version 0.9.5. This vulnerability allows an attacker to craft specific links that, when accessed, can redirect users to a malicious website after they log in. This poses a significant security risk as it can lead to unauthorized access and potential data exposure, especially for users interacting with these applications through their browsers. Notably, installations using a base_url prefix are not affected by this issue.

References

https://github.com/jupyter/notebook/commit/d65328d4841892...
x_refsource_MISC
https://github.com/jupyter/notebook/commit/08c4c898182edb...
x_refsource_MISC
https://github.com/jupyter/notebook/commit/70fe9f0ddb3023...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.