First published: Wed Nov 18 2020
### Impact

_What kind of vulnerability is it? Who is impacted?_

Open redirect vulnerability: a maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected; however, such links can only reasonably be crafted for known notebook server hosts. A link to your notebook server may *appear* safe, but ultimately redirect to a spoofed server on the public internet.

### Patches

_Has the problem been patched? What versions should users upgrade to?_

Patched in notebook 6.1.5.

### References

[OWASP page on open redirects](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html)

### For more information

If you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list [security@ipython.org](mailto:security@ipython.org).

Credit: zhuonan li of Alibaba Application Security Team
Credit: security-advisories@github.com
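The defence the OWASP reference above describes is to accept a redirect target only if it is a local path on the same origin. The validator below is an added example, not code from the notebook project or its 6.1.5 fix; the parameter name and the sample targets are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values for a "next"-style redirect parameter
# (hypothetical inputs, not taken from the advisory).
SAMPLE_TARGETS = [
    "/tree",                      # plain local path: safe
    "/notebooks/a.ipynb?x=1",     # local path with query string: safe
    "//other.example/login",      # scheme-relative URL: leaves this origin
    "https://other.example/",     # absolute URL: leaves this origin
    "/\\other.example/",          # backslash: browsers normalise "/\" to "//"
    "javascript:alert(1)",        # non-HTTP scheme
    "/tree\r\nLocation: x",       # control characters: header injection risk
    "tree",                       # no leading slash: ambiguous, reject
]


def is_safe_redirect_target(target: str) -> bool:
    """Return True only for a path that keeps the browser on this server."""
    if not target or len(target) > 2048:
        return False
    # CR/LF and other control characters must never reach a Location header.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    # Browsers treat "\" like "/", so "/\host" would resolve as "//host".
    if "\\" in target:
        return False
    parts = urlsplit(target)
    # Any scheme or network location means an absolute or scheme-relative URL.
    if parts.scheme or parts.netloc:
        return False
    # Must be an absolute path on this server, and not "//..." (caught above).
    return target.startswith("/") and not target.startswith("//")


def classify(targets):
    """Map each candidate target to whether it passes the same-origin check."""
    return {t: is_safe_redirect_target(t) for t in targets}


if __name__ == "__main__":
    for target, ok in classify(SAMPLE_TARGETS).items():
        print(f"{'ALLOW ' if ok else 'REJECT'} {target!r}")
```

Only the two local paths pass; every other sample is rejected before it can become a Location header.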
Affected Software | Affected Version | How to fix
---|---|---
Jupyter Notebook | <6.1.5 | 
Debian Linux | =9.0 | 
pip/notebook | <=6.1.4 | 6.1.5
The vulnerability ID for this Jupyter Notebook vulnerability is CVE-2020-26215.
CVE-2020-26215 could allow a remote attacker to conduct phishing attacks by exploiting an open redirect vulnerability, potentially redirecting victims to arbitrary websites.
CVE-2020-26215 has a severity rating of 7.4, which is considered high.
An attacker can exploit CVE-2020-26215 by using a specially-crafted URL to redirect a victim to arbitrary websites.
The fix for CVE-2020-26215 is included in notebook 6.1.5, so upgrading to 6.1.5 or later resolves the issue; until then, follow the usual practice of staying current with security patches to mitigate the risk.