Open Redirect vulnerability in jupyterhub and notebook · CVE-2019-10255 · GitHub Advisory Database · GitHub

Open Redirect vulnerability in jupyterhub and notebook

Moderate severity GitHub Reviewed Published Apr 2, 2019 to the GitHub Advisory Database • Updated Sep 5, 2023

Package

jupyterhub (pip)

Affected versions

< 0.9.6

Patched versions

0.9.6

notebook (pip)

< 5.7.8

5.7.8

Description

An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.8 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.6 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.

References

Published to the GitHub Advisory Database Apr 2, 2019

Reviewed Jun 16, 2020

Last updated Sep 5, 2023

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N