Bug ID 1179413
Summary VUL-1: CVE-2020-26232: jupyter: open redirect vulnerability
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.2
Hardware Other
URL https://smash.suse.de/issue/272226/
OS Other
Status NEW
Severity Minor
Priority P5 - None
Component Security
Assignee toddrme2178@gmail.com
Reporter rfrohl@suse.com
QA Contact security-team@suse.de
CC mmachova@suse.com
Found By Security Response Team
Blocker ---

CVE-2020-26232

Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A
maliciously crafted link to a jupyter server could redirect the browser to a
different website. All jupyter servers are technically affected, however, these
maliciously crafted links can only be reasonably made for known jupyter server
hosts. A link to your jupyter server may appear safe, but ultimately redirect
to a spoofed server on the public internet.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26232
https://github.com/jupyter/jupyter_server/security/advisories/GHSA-grfj-wjv9-4f9v
https://github.com/jupyter-server/jupyter_server/blob/master/CHANGELOG.md#106---2020-11-18
https://github.com/jupyter-server/jupyter_server/commit/3d83e49090289c431da253e2bdb8dc479cbcb157

