cvelistv5 - cve-2020-26215

CVE-2020-26215 (GCVE-0-2020-26215)

Vulnerability from cvelistv5 – Published: 2020-11-18 21:20 – Updated: 2024-08-04 15:49

Summary

Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L

CWE

CWE-601 - {"CWE-601":"URL Redirection to Untrusted Site ('Open Redirect')"}

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	jupyter	notebook	Affected: < 6.1.5

CNVD-2022-06545

Vulnerability from cnvd - Published: 2022-01-25

Title

Jupyter Notebook重定向漏洞

Description

Jupyter Notebook是一款开源Web应用程序，可让您创建和共享包含实时代码、方程式、可视化和叙述文本的文档。 Jupyter Notebook 6.1.5之前版本存在重定向漏洞。攻击者可通过指向Notebook服务器的恶意链接利用该漏洞将浏览器重定向到其他网站。

Severity

中

Patch Name

Jupyter Notebook开放重定向漏洞的补丁

Patch Description

Jupyter Notebook是一款开源Web应用程序，可让您创建和共享包含实时代码、方程式、可视化和叙述文本的文档。 Jupyter Notebook 6.1.5之前版本存在开放重定向漏洞。攻击者可通过指向Notebook服务器的恶意链接利用该漏洞将浏览器重定向到其他网站。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-26215

Impacted products

Name
IPython development team. Notebook <6.1.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-26215",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-26215"
    }
  },
  "description": "Jupyter Notebook\u662f\u4e00\u6b3e\u5f00\u6e90Web\u5e94\u7528\u7a0b\u5e8f\uff0c\u53ef\u8ba9\u60a8\u521b\u5efa\u548c\u5171\u4eab\u5305\u542b\u5b9e\u65f6\u4ee3\u7801\u3001\u65b9\u7a0b\u5f0f\u3001\u53ef\u89c6\u5316\u548c\u53d9\u8ff0\u6587\u672c\u7684\u6587\u6863\u3002\n\nJupyter Notebook 6.1.5\u4e4b\u524d\u7248\u672c\u5b58\u5728\u91cd\u5b9a\u5411\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u6307\u5411Notebook\u670d\u52a1\u5668\u7684\u6076\u610f\u94fe\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u6d4f\u89c8\u5668\u91cd\u5b9a\u5411\u5230\u5176\u4ed6\u7f51\u7ad9\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-06545",
  "openTime": "2022-01-25",
  "patchDescription": "Jupyter Notebook\u662f\u4e00\u6b3e\u5f00\u6e90Web\u5e94\u7528\u7a0b\u5e8f\uff0c\u53ef\u8ba9\u60a8\u521b\u5efa\u548c\u5171\u4eab\u5305\u542b\u5b9e\u65f6\u4ee3\u7801\u3001\u65b9\u7a0b\u5f0f\u3001\u53ef\u89c6\u5316\u548c\u53d9\u8ff0\u6587\u672c\u7684\u6587\u6863\u3002\r\n\r\nJupyter Notebook 6.1.5\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u6307\u5411Notebook\u670d\u52a1\u5668\u7684\u6076\u610f\u94fe\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u6d4f\u89c8\u5668\u91cd\u5b9a\u5411\u5230\u5176\u4ed6\u7f51\u7ad9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Jupyter Notebook\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "IPython development team.  Notebook \u003c6.1.5"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-26215",
  "serverity": "\u4e2d",
  "submitTime": "2020-11-19",
  "title": "Jupyter Notebook\u91cd\u5b9a\u5411\u6f0f\u6d1e"
}

GHSA-C7VM-F5P4-8FQH

Vulnerability from github – Published: 2020-11-18 21:06 – Updated: 2024-09-25 17:58

Summary

Open redirect in Jupyter Notebook

Details

Impact

What kind of vulnerability is it? Who is impacted?

Open redirect vulnerability - a maliciously crafted link to a notebook server could redirect the browser to a different website.

All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet.

Patches

Has the problem been patched? What versions should users upgrade to?

Patched in notebook 6.1.5

References

OWASP page on open redirects

For more information

If you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list security@ipython.org.

Credit: zhuonan li of Alibaba Application Security Team

Severity ?

4.4 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L

2.0 (Low)


                  
                    CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.1.4"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "notebook"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-26215"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-601"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-11-18T21:05:41Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\nOpen redirect vulnerability - a maliciously crafted link to a notebook server could redirect the browser to a different website.\n\nAll notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may *appear* safe, but ultimately redirect to a spoofed server on the public internet.\n\n### Patches\n\n_Has the problem been patched? What versions should users upgrade to?_\n\nPatched in notebook 6.1.5\n\n\n### References\n\n[OWASP page on open redirects](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html)\n\n### For more information\n\nIf you have any questions or comments about this advisory, or vulnerabilities to report, please email our security list [security@ipython.org](mailto:security@ipython.org).\n\nCredit: zhuonan li of Alibaba Application Security Team",
  "id": "GHSA-c7vm-f5p4-8fqh",
  "modified": "2024-09-25T17:58:43Z",
  "published": "2020-11-18T21:06:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26215"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jupyter/notebook"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/notebook/PYSEC-2020-215.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00004.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Open redirect in Jupyter Notebook"
}

GSD-2020-26215

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-26215

Aliases

CVE-2020-26215

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-26215",
    "description": "Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.",
    "id": "GSD-2020-26215",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-26215.html",
      "https://advisories.mageia.org/CVE-2020-26215.html",
      "https://ubuntu.com/security/CVE-2020-26215"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-26215"
      ],
      "details": "Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.",
      "id": "GSD-2020-26215",
      "modified": "2023-12-13T01:22:08.573689Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-26215",
        "STATE": "PUBLIC",
        "TITLE": "Open redirect in Jupyter Notebook"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "notebook",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 6.1.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "jupyter"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "{\"CWE-601\":\"URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\"}"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh",
            "refsource": "CONFIRM",
            "url": "https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh"
          },
          {
            "name": "https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74",
            "refsource": "MISC",
            "url": "https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74"
          },
          {
            "name": "[debian-lts-announce] 20201202 [SECURITY] [DLA 2477-1] jupyter-notebook security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00004.html"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-c7vm-f5p4-8fqh",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c6.1.5",
          "affected_versions": "All versions before 6.1.5",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-601",
            "CWE-937"
          ],
          "date": "2020-12-03",
          "description": "Jupyter Notebook has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched ",
          "fixed_versions": [
            "6.1.5"
          ],
          "identifier": "CVE-2020-26215",
          "identifiers": [
            "CVE-2020-26215",
            "GHSA-c7vm-f5p4-8fqh"
          ],
          "not_impacted": "All versions starting from 6.1.5",
          "package_slug": "pypi/notebook",
          "pubdate": "2020-11-18",
          "solution": "Upgrade to version 6.1.5 or above.",
          "title": "URL Redirection to Untrusted Site (Open Redirect)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-26215"
          ],
          "uuid": "0a77a5e3-bb78-482b-9f1a-5af9f9d19b13"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:jupyter:notebook:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.1.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-26215"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-601"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh"
            },
            {
              "name": "https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74"
            },
            {
              "name": "[debian-lts-announce] 20201202 [SECURITY] [DLA 2477-1] jupyter-notebook security update",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00004.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2020-12-03T15:59Z",
      "publishedDate": "2020-11-18T22:15Z"
    }
  }
}

OPENSUSE-SU-2021:0024-1

Vulnerability from csaf_opensuse - Published: 2021-01-07 15:25 - Updated: 2021-01-07 15:25

Summary

Security update for python-notebook

Notes

Title of the patch

Security update for python-notebook

Description of the patch

This update for python-notebook fixes the following issue: - CVE-2020-26215: Fixed an open redirect vulnerability (boo#1180458).

Patchnames

openSUSE-2021-24

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for python-notebook",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for python-notebook fixes the following issue:\n\n- CVE-2020-26215: Fixed an open redirect vulnerability (boo#1180458).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2021-24",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0024-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2021:0024-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T2R7EJ2EM5E7MLFSQTMZGFVV45CYMONR/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2021:0024-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T2R7EJ2EM5E7MLFSQTMZGFVV45CYMONR/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1180458",
        "url": "https://bugzilla.suse.com/1180458"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-26215 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-26215/"
      }
    ],
    "title": "Security update for python-notebook",
    "tracking": {
      "current_release_date": "2021-01-07T15:25:16Z",
      "generator": {
        "date": "2021-01-07T15:25:16Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2021:0024-1",
      "initial_release_date": "2021-01-07T15:25:16Z",
      "revision_history": [
        {
          "date": "2021-01-07T15:25:16Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jupyter-notebook-5.7.8-lp152.2.3.1.noarch",
                "product": {
                  "name": "jupyter-notebook-5.7.8-lp152.2.3.1.noarch",
                  "product_id": "jupyter-notebook-5.7.8-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jupyter-notebook-doc-5.7.8-lp152.2.3.1.noarch",
                "product": {
                  "name": "jupyter-notebook-doc-5.7.8-lp152.2.3.1.noarch",
                  "product_id": "jupyter-notebook-doc-5.7.8-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jupyter-notebook-lang-5.7.8-lp152.2.3.1.noarch",
                "product": {
                  "name": "jupyter-notebook-lang-5.7.8-lp152.2.3.1.noarch",
                  "product_id": "jupyter-notebook-lang-5.7.8-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "jupyter-notebook-latex-5.7.8-lp152.2.3.1.noarch",
                "product": {
                  "name": "jupyter-notebook-latex-5.7.8-lp152.2.3.1.noarch",
                  "product_id": "jupyter-notebook-latex-5.7.8-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python2-notebook-5.7.8-lp152.2.3.1.noarch",
                "product": {
                  "name": "python2-notebook-5.7.8-lp152.2.3.1.noarch",
                  "product_id": "python2-notebook-5.7.8-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python2-notebook-lang-5.7.8-lp152.2.3.1.noarch",
                "product": {
                  "name": "python2-notebook-lang-5.7.8-lp152.2.3.1.noarch",
                  "product_id": "python2-notebook-lang-5.7.8-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-notebook-5.7.8-lp152.2.3.1.noarch",
                "product": {
                  "name": "python3-notebook-5.7.8-lp152.2.3.1.noarch",
                  "product_id": "python3-notebook-5.7.8-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-notebook-lang-5.7.8-lp152.2.3.1.noarch",
                "product": {
                  "name": "python3-notebook-lang-5.7.8-lp152.2.3.1.noarch",
                  "product_id": "python3-notebook-lang-5.7.8-lp152.2.3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.2",
                "product": {
                  "name": "openSUSE Leap 15.2",
                  "product_id": "openSUSE Leap 15.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jupyter-notebook-5.7.8-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:jupyter-notebook-5.7.8-lp152.2.3.1.noarch"
        },
        "product_reference": "jupyter-notebook-5.7.8-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jupyter-notebook-doc-5.7.8-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:jupyter-notebook-doc-5.7.8-lp152.2.3.1.noarch"
        },
        "product_reference": "jupyter-notebook-doc-5.7.8-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jupyter-notebook-lang-5.7.8-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:jupyter-notebook-lang-5.7.8-lp152.2.3.1.noarch"
        },
        "product_reference": "jupyter-notebook-lang-5.7.8-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jupyter-notebook-latex-5.7.8-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:jupyter-notebook-latex-5.7.8-lp152.2.3.1.noarch"
        },
        "product_reference": "jupyter-notebook-latex-5.7.8-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-notebook-5.7.8-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:python2-notebook-5.7.8-lp152.2.3.1.noarch"
        },
        "product_reference": "python2-notebook-5.7.8-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-notebook-lang-5.7.8-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:python2-notebook-lang-5.7.8-lp152.2.3.1.noarch"
        },
        "product_reference": "python2-notebook-lang-5.7.8-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-notebook-5.7.8-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:python3-notebook-5.7.8-lp152.2.3.1.noarch"
        },
        "product_reference": "python3-notebook-5.7.8-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-notebook-lang-5.7.8-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:python3-notebook-lang-5.7.8-lp152.2.3.1.noarch"
        },
        "product_reference": "python3-notebook-lang-5.7.8-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-26215",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-26215"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:jupyter-notebook-5.7.8-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:jupyter-notebook-doc-5.7.8-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:jupyter-notebook-lang-5.7.8-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:jupyter-notebook-latex-5.7.8-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:python2-notebook-5.7.8-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:python2-notebook-lang-5.7.8-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:python3-notebook-5.7.8-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:python3-notebook-lang-5.7.8-lp152.2.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-26215",
          "url": "https://www.suse.com/security/cve/CVE-2020-26215"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180458 for CVE-2020-26215",
          "url": "https://bugzilla.suse.com/1180458"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:jupyter-notebook-5.7.8-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:jupyter-notebook-doc-5.7.8-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:jupyter-notebook-lang-5.7.8-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:jupyter-notebook-latex-5.7.8-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:python2-notebook-5.7.8-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:python2-notebook-lang-5.7.8-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:python3-notebook-5.7.8-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:python3-notebook-lang-5.7.8-lp152.2.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:jupyter-notebook-5.7.8-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:jupyter-notebook-doc-5.7.8-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:jupyter-notebook-lang-5.7.8-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:jupyter-notebook-latex-5.7.8-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:python2-notebook-5.7.8-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:python2-notebook-lang-5.7.8-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:python3-notebook-5.7.8-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:python3-notebook-lang-5.7.8-lp152.2.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-07T15:25:16Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-26215"
    }
  ]
}

OPENSUSE-SU-2021:0117-1

Vulnerability from csaf_opensuse - Published: 2021-01-19 15:26 - Updated: 2021-01-19 15:26

Summary

Security update for python-jupyter_notebook

Notes

Title of the patch

Security update for python-jupyter_notebook

Description of the patch

This update for python-jupyter_notebook fixes the following issue: - CVE-2020-26215: Fixed an open redirect vulnerability (boo#1180458). This update was imported from the openSUSE:Leap:15.1:Update update project.

Patchnames

openSUSE-2021-117

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for python-jupyter_notebook",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for python-jupyter_notebook fixes the following issue:\n\n- CVE-2020-26215: Fixed an open redirect vulnerability (boo#1180458).\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2021-117",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0117-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2021:0117-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OH7ZP2LBWERB26YSK5VYEQ2JEDDJXUOG/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2021:0117-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OH7ZP2LBWERB26YSK5VYEQ2JEDDJXUOG/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1180458",
        "url": "https://bugzilla.suse.com/1180458"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-26215 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-26215/"
      }
    ],
    "title": "Security update for python-jupyter_notebook",
    "tracking": {
      "current_release_date": "2021-01-19T15:26:14Z",
      "generator": {
        "date": "2021-01-19T15:26:14Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2021:0117-1",
      "initial_release_date": "2021-01-19T15:26:14Z",
      "revision_history": [
        {
          "date": "2021-01-19T15:26:14Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-jupyter_notebook-doc-5.7.7-bp151.3.3.1.noarch",
                "product": {
                  "name": "python-jupyter_notebook-doc-5.7.7-bp151.3.3.1.noarch",
                  "product_id": "python-jupyter_notebook-doc-5.7.7-bp151.3.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python2-jupyter_notebook-5.7.7-bp151.3.3.1.noarch",
                "product": {
                  "name": "python2-jupyter_notebook-5.7.7-bp151.3.3.1.noarch",
                  "product_id": "python2-jupyter_notebook-5.7.7-bp151.3.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python2-jupyter_notebook-lang-5.7.7-bp151.3.3.1.noarch",
                "product": {
                  "name": "python2-jupyter_notebook-lang-5.7.7-bp151.3.3.1.noarch",
                  "product_id": "python2-jupyter_notebook-lang-5.7.7-bp151.3.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python2-jupyter_notebook-latex-5.7.7-bp151.3.3.1.noarch",
                "product": {
                  "name": "python2-jupyter_notebook-latex-5.7.7-bp151.3.3.1.noarch",
                  "product_id": "python2-jupyter_notebook-latex-5.7.7-bp151.3.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-jupyter_notebook-5.7.7-bp151.3.3.1.noarch",
                "product": {
                  "name": "python3-jupyter_notebook-5.7.7-bp151.3.3.1.noarch",
                  "product_id": "python3-jupyter_notebook-5.7.7-bp151.3.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-jupyter_notebook-lang-5.7.7-bp151.3.3.1.noarch",
                "product": {
                  "name": "python3-jupyter_notebook-lang-5.7.7-bp151.3.3.1.noarch",
                  "product_id": "python3-jupyter_notebook-lang-5.7.7-bp151.3.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-jupyter_notebook-latex-5.7.7-bp151.3.3.1.noarch",
                "product": {
                  "name": "python3-jupyter_notebook-latex-5.7.7-bp151.3.3.1.noarch",
                  "product_id": "python3-jupyter_notebook-latex-5.7.7-bp151.3.3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 15 SP1",
                "product": {
                  "name": "SUSE Package Hub 15 SP1",
                  "product_id": "SUSE Package Hub 15 SP1"
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jupyter_notebook-doc-5.7.7-bp151.3.3.1.noarch as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:python-jupyter_notebook-doc-5.7.7-bp151.3.3.1.noarch"
        },
        "product_reference": "python-jupyter_notebook-doc-5.7.7-bp151.3.3.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-jupyter_notebook-5.7.7-bp151.3.3.1.noarch as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:python2-jupyter_notebook-5.7.7-bp151.3.3.1.noarch"
        },
        "product_reference": "python2-jupyter_notebook-5.7.7-bp151.3.3.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-jupyter_notebook-lang-5.7.7-bp151.3.3.1.noarch as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:python2-jupyter_notebook-lang-5.7.7-bp151.3.3.1.noarch"
        },
        "product_reference": "python2-jupyter_notebook-lang-5.7.7-bp151.3.3.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-jupyter_notebook-latex-5.7.7-bp151.3.3.1.noarch as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:python2-jupyter_notebook-latex-5.7.7-bp151.3.3.1.noarch"
        },
        "product_reference": "python2-jupyter_notebook-latex-5.7.7-bp151.3.3.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-jupyter_notebook-5.7.7-bp151.3.3.1.noarch as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:python3-jupyter_notebook-5.7.7-bp151.3.3.1.noarch"
        },
        "product_reference": "python3-jupyter_notebook-5.7.7-bp151.3.3.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-jupyter_notebook-lang-5.7.7-bp151.3.3.1.noarch as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:python3-jupyter_notebook-lang-5.7.7-bp151.3.3.1.noarch"
        },
        "product_reference": "python3-jupyter_notebook-lang-5.7.7-bp151.3.3.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-jupyter_notebook-latex-5.7.7-bp151.3.3.1.noarch as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:python3-jupyter_notebook-latex-5.7.7-bp151.3.3.1.noarch"
        },
        "product_reference": "python3-jupyter_notebook-latex-5.7.7-bp151.3.3.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-26215",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-26215"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP1:python-jupyter_notebook-doc-5.7.7-bp151.3.3.1.noarch",
          "SUSE Package Hub 15 SP1:python2-jupyter_notebook-5.7.7-bp151.3.3.1.noarch",
          "SUSE Package Hub 15 SP1:python2-jupyter_notebook-lang-5.7.7-bp151.3.3.1.noarch",
          "SUSE Package Hub 15 SP1:python2-jupyter_notebook-latex-5.7.7-bp151.3.3.1.noarch",
          "SUSE Package Hub 15 SP1:python3-jupyter_notebook-5.7.7-bp151.3.3.1.noarch",
          "SUSE Package Hub 15 SP1:python3-jupyter_notebook-lang-5.7.7-bp151.3.3.1.noarch",
          "SUSE Package Hub 15 SP1:python3-jupyter_notebook-latex-5.7.7-bp151.3.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-26215",
          "url": "https://www.suse.com/security/cve/CVE-2020-26215"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180458 for CVE-2020-26215",
          "url": "https://bugzilla.suse.com/1180458"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP1:python-jupyter_notebook-doc-5.7.7-bp151.3.3.1.noarch",
            "SUSE Package Hub 15 SP1:python2-jupyter_notebook-5.7.7-bp151.3.3.1.noarch",
            "SUSE Package Hub 15 SP1:python2-jupyter_notebook-lang-5.7.7-bp151.3.3.1.noarch",
            "SUSE Package Hub 15 SP1:python2-jupyter_notebook-latex-5.7.7-bp151.3.3.1.noarch",
            "SUSE Package Hub 15 SP1:python3-jupyter_notebook-5.7.7-bp151.3.3.1.noarch",
            "SUSE Package Hub 15 SP1:python3-jupyter_notebook-lang-5.7.7-bp151.3.3.1.noarch",
            "SUSE Package Hub 15 SP1:python3-jupyter_notebook-latex-5.7.7-bp151.3.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP1:python-jupyter_notebook-doc-5.7.7-bp151.3.3.1.noarch",
            "SUSE Package Hub 15 SP1:python2-jupyter_notebook-5.7.7-bp151.3.3.1.noarch",
            "SUSE Package Hub 15 SP1:python2-jupyter_notebook-lang-5.7.7-bp151.3.3.1.noarch",
            "SUSE Package Hub 15 SP1:python2-jupyter_notebook-latex-5.7.7-bp151.3.3.1.noarch",
            "SUSE Package Hub 15 SP1:python3-jupyter_notebook-5.7.7-bp151.3.3.1.noarch",
            "SUSE Package Hub 15 SP1:python3-jupyter_notebook-lang-5.7.7-bp151.3.3.1.noarch",
            "SUSE Package Hub 15 SP1:python3-jupyter_notebook-latex-5.7.7-bp151.3.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-19T15:26:14Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-26215"
    }
  ]
}

OPENSUSE-SU-2021:0078-1

Vulnerability from csaf_opensuse - Published: 2021-01-16 11:24 - Updated: 2021-01-16 11:24

Summary

Security update for python-jupyter_notebook

Notes

Title of the patch

Security update for python-jupyter_notebook

Description of the patch

This update for python-jupyter_notebook fixes the following issue: - CVE-2020-26215: Fixed an open redirect vulnerability (boo#1180458).

Patchnames

openSUSE-2021-78

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for python-jupyter_notebook",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for python-jupyter_notebook fixes the following issue:\n\n- CVE-2020-26215: Fixed an open redirect vulnerability (boo#1180458).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2021-78",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0078-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2021:0078-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PBYYAJDZEGK7HWUZML3NOYSMWWR5CVC3/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2021:0078-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PBYYAJDZEGK7HWUZML3NOYSMWWR5CVC3/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1180458",
        "url": "https://bugzilla.suse.com/1180458"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-26215 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-26215/"
      }
    ],
    "title": "Security update for python-jupyter_notebook",
    "tracking": {
      "current_release_date": "2021-01-16T11:24:06Z",
      "generator": {
        "date": "2021-01-16T11:24:06Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2021:0078-1",
      "initial_release_date": "2021-01-16T11:24:06Z",
      "revision_history": [
        {
          "date": "2021-01-16T11:24:06Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-jupyter_notebook-doc-5.7.7-lp151.2.3.1.noarch",
                "product": {
                  "name": "python-jupyter_notebook-doc-5.7.7-lp151.2.3.1.noarch",
                  "product_id": "python-jupyter_notebook-doc-5.7.7-lp151.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python2-jupyter_notebook-5.7.7-lp151.2.3.1.noarch",
                "product": {
                  "name": "python2-jupyter_notebook-5.7.7-lp151.2.3.1.noarch",
                  "product_id": "python2-jupyter_notebook-5.7.7-lp151.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python2-jupyter_notebook-lang-5.7.7-lp151.2.3.1.noarch",
                "product": {
                  "name": "python2-jupyter_notebook-lang-5.7.7-lp151.2.3.1.noarch",
                  "product_id": "python2-jupyter_notebook-lang-5.7.7-lp151.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python2-jupyter_notebook-latex-5.7.7-lp151.2.3.1.noarch",
                "product": {
                  "name": "python2-jupyter_notebook-latex-5.7.7-lp151.2.3.1.noarch",
                  "product_id": "python2-jupyter_notebook-latex-5.7.7-lp151.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-jupyter_notebook-5.7.7-lp151.2.3.1.noarch",
                "product": {
                  "name": "python3-jupyter_notebook-5.7.7-lp151.2.3.1.noarch",
                  "product_id": "python3-jupyter_notebook-5.7.7-lp151.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-jupyter_notebook-lang-5.7.7-lp151.2.3.1.noarch",
                "product": {
                  "name": "python3-jupyter_notebook-lang-5.7.7-lp151.2.3.1.noarch",
                  "product_id": "python3-jupyter_notebook-lang-5.7.7-lp151.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-jupyter_notebook-latex-5.7.7-lp151.2.3.1.noarch",
                "product": {
                  "name": "python3-jupyter_notebook-latex-5.7.7-lp151.2.3.1.noarch",
                  "product_id": "python3-jupyter_notebook-latex-5.7.7-lp151.2.3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jupyter_notebook-doc-5.7.7-lp151.2.3.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:python-jupyter_notebook-doc-5.7.7-lp151.2.3.1.noarch"
        },
        "product_reference": "python-jupyter_notebook-doc-5.7.7-lp151.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-jupyter_notebook-5.7.7-lp151.2.3.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:python2-jupyter_notebook-5.7.7-lp151.2.3.1.noarch"
        },
        "product_reference": "python2-jupyter_notebook-5.7.7-lp151.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-jupyter_notebook-lang-5.7.7-lp151.2.3.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:python2-jupyter_notebook-lang-5.7.7-lp151.2.3.1.noarch"
        },
        "product_reference": "python2-jupyter_notebook-lang-5.7.7-lp151.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-jupyter_notebook-latex-5.7.7-lp151.2.3.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:python2-jupyter_notebook-latex-5.7.7-lp151.2.3.1.noarch"
        },
        "product_reference": "python2-jupyter_notebook-latex-5.7.7-lp151.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-jupyter_notebook-5.7.7-lp151.2.3.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:python3-jupyter_notebook-5.7.7-lp151.2.3.1.noarch"
        },
        "product_reference": "python3-jupyter_notebook-5.7.7-lp151.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-jupyter_notebook-lang-5.7.7-lp151.2.3.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:python3-jupyter_notebook-lang-5.7.7-lp151.2.3.1.noarch"
        },
        "product_reference": "python3-jupyter_notebook-lang-5.7.7-lp151.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-jupyter_notebook-latex-5.7.7-lp151.2.3.1.noarch as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:python3-jupyter_notebook-latex-5.7.7-lp151.2.3.1.noarch"
        },
        "product_reference": "python3-jupyter_notebook-latex-5.7.7-lp151.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-26215",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-26215"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:python-jupyter_notebook-doc-5.7.7-lp151.2.3.1.noarch",
          "openSUSE Leap 15.1:python2-jupyter_notebook-5.7.7-lp151.2.3.1.noarch",
          "openSUSE Leap 15.1:python2-jupyter_notebook-lang-5.7.7-lp151.2.3.1.noarch",
          "openSUSE Leap 15.1:python2-jupyter_notebook-latex-5.7.7-lp151.2.3.1.noarch",
          "openSUSE Leap 15.1:python3-jupyter_notebook-5.7.7-lp151.2.3.1.noarch",
          "openSUSE Leap 15.1:python3-jupyter_notebook-lang-5.7.7-lp151.2.3.1.noarch",
          "openSUSE Leap 15.1:python3-jupyter_notebook-latex-5.7.7-lp151.2.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-26215",
          "url": "https://www.suse.com/security/cve/CVE-2020-26215"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180458 for CVE-2020-26215",
          "url": "https://bugzilla.suse.com/1180458"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:python-jupyter_notebook-doc-5.7.7-lp151.2.3.1.noarch",
            "openSUSE Leap 15.1:python2-jupyter_notebook-5.7.7-lp151.2.3.1.noarch",
            "openSUSE Leap 15.1:python2-jupyter_notebook-lang-5.7.7-lp151.2.3.1.noarch",
            "openSUSE Leap 15.1:python2-jupyter_notebook-latex-5.7.7-lp151.2.3.1.noarch",
            "openSUSE Leap 15.1:python3-jupyter_notebook-5.7.7-lp151.2.3.1.noarch",
            "openSUSE Leap 15.1:python3-jupyter_notebook-lang-5.7.7-lp151.2.3.1.noarch",
            "openSUSE Leap 15.1:python3-jupyter_notebook-latex-5.7.7-lp151.2.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:python-jupyter_notebook-doc-5.7.7-lp151.2.3.1.noarch",
            "openSUSE Leap 15.1:python2-jupyter_notebook-5.7.7-lp151.2.3.1.noarch",
            "openSUSE Leap 15.1:python2-jupyter_notebook-lang-5.7.7-lp151.2.3.1.noarch",
            "openSUSE Leap 15.1:python2-jupyter_notebook-latex-5.7.7-lp151.2.3.1.noarch",
            "openSUSE Leap 15.1:python3-jupyter_notebook-5.7.7-lp151.2.3.1.noarch",
            "openSUSE Leap 15.1:python3-jupyter_notebook-lang-5.7.7-lp151.2.3.1.noarch",
            "openSUSE Leap 15.1:python3-jupyter_notebook-latex-5.7.7-lp151.2.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-01-16T11:24:06Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-26215"
    }
  ]
}

PYSEC-2020-215

Vulnerability from pysec - Published: 2020-11-18 22:15 - Updated: 2021-08-11 11:14

Details

Impacted products

Name	purl
notebook	pkg:pypi/notebook

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "notebook",
        "purl": "pkg:pypi/notebook"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3cec4bbe21756de9f0c4bccf18cf61d840314d74"
            }
          ],
          "repo": "https://github.com/jupyter/notebook",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.0.0",
        "4.0.0",
        "4.0.1",
        "4.0.2",
        "4.0.4",
        "4.0.5",
        "4.0.6",
        "4.1.0",
        "4.2.0",
        "4.2.0b1",
        "4.2.1",
        "4.2.2",
        "4.2.3",
        "4.3.0",
        "4.3.1",
        "4.3.2",
        "4.4.0",
        "4.4.1",
        "5.0.0",
        "5.0.0b1",
        "5.0.0b2",
        "5.0.0rc1",
        "5.0.0rc2",
        "5.1.0",
        "5.1.0rc1",
        "5.1.0rc2",
        "5.1.0rc3",
        "5.2.0",
        "5.2.0rc1",
        "5.2.1",
        "5.2.1rc1",
        "5.2.2",
        "5.3.0",
        "5.3.0rc1",
        "5.3.1",
        "5.4.0",
        "5.4.1",
        "5.5.0",
        "5.5.0rc1",
        "5.6.0",
        "5.6.0rc1",
        "5.7.0",
        "5.7.1",
        "5.7.10",
        "5.7.2",
        "5.7.3",
        "5.7.4",
        "5.7.5",
        "5.7.6",
        "5.7.8",
        "5.7.9",
        "6.0.0",
        "6.0.0rc1",
        "6.0.1",
        "6.0.2",
        "6.0.3",
        "6.1.0",
        "6.1.0rc1",
        "6.1.1",
        "6.1.2",
        "6.1.3",
        "6.1.4",
        "5.7.11",
        "5.7.12",
        "5.7.13"
      ]
    }
  ],
  "aliases": [
    "CVE-2020-26215",
    "GHSA-c7vm-f5p4-8fqh"
  ],
  "details": "Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.",
  "id": "PYSEC-2020-215",
  "modified": "2021-08-11T11:14:19.531087Z",
  "published": "2020-11-18T22:15:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh"
    },
    {
      "type": "FIX",
      "url": "https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00004.html"
    }
  ]
}

FKIE_CVE-2020-26215

Vulnerability from fkie_nvd - Published: 2020-11-18 22:15 - Updated: 2024-11-21 05:19

Severity ?

4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh	Third Party Advisory
security-advisories@github.com	https://lists.debian.org/debian-lts-announce/2020/12/msg00004.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/12/msg00004.html	Third Party Advisory

Impacted products

	Vendor	Product	Version
	jupyter	notebook	*
	debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jupyter:notebook:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC160EE9-6BEC-47BB-9A72-C100734F48C2",
              "versionEndExcluding": "6.1.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5."
    },
    {
      "lang": "es",
      "value": "Jupyter Notebook anterior a la versi\u00f3n 6.1.5, presenta una vulnerabilidad de redireccionamiento abierto.\u0026#xa0;Un enlace creado maliciosamente para un servidor de notebook podr\u00eda redireccionar el navegador a un sitio web diferente.\u0026#xa0;Todos los servidores de notebook est\u00e1n afectados t\u00e9cnicamente; sin embargo, estos enlaces dise\u00f1ados maliciosamente solo pueden ser creados de forma razonable para hosts de servidores de notebook conocidos.\u0026#xa0;Un enlace hacia su servidor notebook puede parecer seguro, pero en \u00faltima instancia, redirecciona hacia un servidor falsificado en la internet p\u00fablica.\u0026#xa0;El problema est\u00e1 parcheado en la versi\u00f3n 6.1.5"
    }
  ],
  "id": "CVE-2020-26215",
  "lastModified": "2024-11-21T05:19:32.947",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 2.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-11-18T22:15:11.947",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/jupyter/notebook/commit/3cec4bbe21756de9f0c4bccf18cf61d840314d74"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00004.html"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-26215 (GCVE-0-2020-26215)

Impact

Patches

References

For more information

Tags

Sightings

Nomenclature