Candidate: CVE-2020-26232
PublicDate: 2020-11-24 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26232
 https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-grfj-wjv9-4f9v
 https://github.com/jupyter-server/jupyter_server/commit/61ab548bf9186ab7323d8fa7bd0e12ae23555a28 (1.0.6)
Description:
 Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A
 maliciously crafted link to a jupyter server could redirect the browser to
 a different website. All jupyter servers are technically affected, however,
 these maliciously crafted links can only be reasonably made for known
 jupyter server hosts. A link to your jupyter server may appear safe, but
 ultimately redirect to a spoofed server on the public internet.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N [5.4 MEDIUM]


Patches_jupyter-server:
upstream_jupyter-server: released (1.0.7-1)
precise/esm_jupyter-server: DNE
trusty_jupyter-server: ignored (out of standard support)
trusty/esm_jupyter-server: DNE
xenial_jupyter-server: DNE
bionic_jupyter-server: DNE
focal_jupyter-server: DNE
groovy_jupyter-server: DNE
devel_jupyter-server: not-affected (1.1.1-1)