CVE-2020-26215

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Jupyter Notebook versions prior to 6.1.5

Description The issue is an open redirect vulnerability, where a maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to a notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet.

Recommendations For versions prior to 6.1.5, update to version 6.1.5 to resolve the issue. As a temporary workaround, consider restricting access to known notebook server hosts to minimize the risk of exploitation. Avoid using links that may appear safe but could ultimately redirect to a spoofed server on the public internet.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

ALT-PU-2021-2515

BIT-JUPYTER-BASE-NOTEBOOK-2020-26215

BIT-JUPYTER-NOTEBOOK-2020-26215

CVE-2020-26215

DLA-2477-1

GHSA-C7VM-F5P4-8FQH

MGASA-2020-0457

MGASA-2022-0323

OPENSUSE-SU-2021:0024-1

OPENSUSE-SU-2021:0078-1

OPENSUSE-SU-2021:0117-1

OPENSUSE-SU-2021_0024-1

OPENSUSE-SU-2021_0078-1

PYSEC-2020-215

USN-5585-1

Affected Products

Alt Linux

Jupyter Notebook

Linuxmint

Suse

Ubuntu

CVE-2020-26215

Weakness Enumeration

Related Identifiers

Affected Products

References · 49