[Bug 1131105] New: VUL-0: CVE-2019-10255: python-jupyter_notebook: Open redirect vulnerability in the login page
http://bugzilla.opensuse.org/show_bug.cgi?id=1131105

Bug ID: 1131105
Summary: VUL-0: CVE-2019-10255: python-jupyter_notebook: Open redirect vulnerability in the login page
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.0
Hardware: Other
URL: https://smash.suse.de/issue/228357/
OS: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Security
Assignee: toddrme2178@gmail.com
Reporter: rfrohl@suse.com
QA Contact: security-team@suse.de
CC: arun@gmx.de
Found By: Security Response Team
Blocker: ---

rh#1694274

An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.

Upstream patch:
https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce5044...
https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d55643...
https://github.com/jupyter/notebook/commit/d65328d4841892b412aef9015165db1eb...

References:
https://github.com/jupyter/notebook/compare/05aa4b2...16cf97c
https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-a...

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1694274
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10255
https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-a...
https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce5044...
https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d55643...
https://github.com/jupyter/notebook/commit/d65328d4841892b412aef9015165db1eb...
https://github.com/jupyter/notebook/compare/05aa4b2...16cf97c
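A general post-login redirect check of the kind that closes this class of bug, added here as an illustration; it is not the upstream Jupyter patch and is not taken from the bug report. The function name, its `default` and `allowed_origins` parameters, and the sample hosts and paths are assumptions made for the example.

```python
from urllib.parse import urlparse


def safe_redirect_target(target, default, base_url="/", allowed_origins=frozenset()):
    """Return the URL to send the browser to after a successful login.

    target is the untrusted value carried by the login link; default is the
    server's own landing page, used whenever target fails a check.
    (Hypothetical helper, not the project's API.)
    """
    if not target or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return default  # empty, or contains whitespace/control characters
    # Many browsers treat "\" like "/" in http(s) URLs, so "/\host" can act
    # like "//host". Percent-encode it so it stays an ordinary path character.
    target = target.replace("\\", "%5C")
    try:
        parsed = urlparse(target)
    except ValueError:
        return default
    if parsed.scheme or parsed.netloc:
        # Absolute or scheme-relative URL: only an explicitly allowed origin passes.
        origin = f"{parsed.scheme}://{parsed.netloc}"
        return target if origin in allowed_origins else default
    # Relative target: exactly one leading "/" and a path under base_url.
    prefix = base_url if base_url.endswith("/") else base_url + "/"
    if target.startswith("//") or not (parsed.path + "/").startswith(prefix):
        return default
    return target


# Constructed sample inputs (hypothetical hosts and paths).
SAMPLES = [
    "/tree/work?x=1",            # same-site path: kept
    "//other.example/x",         # scheme-relative URL: replaced by default
    "https://other.example/",    # absolute URL to another origin: replaced
    "/\\other.example",          # backslash form: neutralised by encoding
    "///other.example/x",        # extra slashes: replaced
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", safe_redirect_target(s, default="/tree"))
```

The caller must redirect to the returned value, not to the original parameter, because the backslash encoding is applied to the returned string.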