PT-2023-27180 · Unknown+1 · Jupyter Server+1

Davwwwx · Published 2023-08-28 · Updated 2023-09-15 · CVE-2023-39968

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

jupyter-server versions prior to 2.7.2

Description

The issue is an open redirect vulnerability in jupyter-server, which is the backend for Jupyter web applications. Maliciously crafted login links to known Jupyter Servers can cause a successful login, or an already logged-in session, to be redirected to arbitrary sites. These redirects should be restricted to Jupyter Server-served URLs.

Recommendations

To resolve the issue, upgrade to Jupyter Server 2.7.2. As a temporary workaround, consider restricting access to the login functionality until the upgrade is applied. There are no known workarounds for this vulnerability.
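
As an added illustration (not Jupyter Server's code and not its 2.7.2 patch), the Python below shows one way a login handler can confine a post-login redirect target to server-served paths, which is the restriction the description says should apply. The function names, the `/jupyter/` base URL and the sample targets are assumptions constructed for this example.

```python
# Added example: confine a post-login redirect target to this server's paths.
# All names and sample values are constructed; this is not Jupyter Server code.


def is_safe_redirect(target: str, base_url: str = "/") -> bool:
    """Return True only for a rooted, same-server path located under base_url."""
    if not target:
        return False
    # Browsers strip tabs/newlines and trim spaces in URLs, so a value that
    # contains them can be interpreted differently than it reads here: reject.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    # Browsers treat "\" like "/" in http(s) URLs, so compare the "/" form.
    normalized = target.replace("\\", "/")
    # Require a rooted path. "//host" is protocol-relative and leaves the
    # server; anything not starting with "/" may carry a scheme ("https:").
    if not normalized.startswith("/") or normalized.startswith("//"):
        return False
    # Compare only the path component against the server's base path.
    path = normalized.split("?", 1)[0].split("#", 1)[0]
    prefix = "/" + base_url.strip("/")
    if prefix == "/":
        return True
    return path == prefix or path.startswith(prefix + "/")


def resolve_login_redirect(target: str, base_url: str = "/") -> str:
    """Return target when it is safe, otherwise fall back to base_url."""
    return target if is_safe_redirect(target, base_url) else base_url


# Constructed sample targets (example.org is a reserved documentation domain).
SAMPLES = [
    "/jupyter/lab",
    "/jupyter/tree?file=a.ipynb",
    "https://example.org/",
    "//example.org/jupyter/",
    "/\\example.org",
    "/jupyterevil",
    "/other/app",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:32} -> {resolve_login_redirect(sample, '/jupyter/')!r}")
```

Rejected targets fall back to the base URL rather than raising, so a crafted login link still lands the user on the server's own pages.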

Exploit

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2023-39968
GHSA-R726-VMFQ-J9J3
OPENSUSE-SU-2024:13260-1
PYSEC-2023-155

Affected Products

Debian
Jupyter Server