Bug 1214730 (CVE-2023-39968) - VUL-0: CVE-2023-39968: python-jupyter-server: Open Redirect vulnerability
Status: RESOLVED FIXED
Alias: CVE-2023-39968
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/376564/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-39968:4.3:(AV:...
Reported: 2023-08-29 07:26 UTC by Cathy Hu
Modified: 2024-05-29 12:17 UTC
Found By: Security Response Team
Description Cathy Hu 2023-08-29 07:26:45 UTC
CVE-2023-39968

jupyter-server is the backend for Jupyter web applications. Open Redirect
Vulnerability. Maliciously crafted login links to known Jupyter Servers can
cause successful login or an already logged-in session to be redirected to
arbitrary sites, which should be restricted to Jupyter Server-served URLs. This
issue has been addressed in commit `29036259` which is included in release
2.7.2. Users are advised to upgrade. There are no known workarounds for this
vulnerability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39968
https://www.cve.org/CVERecord?id=CVE-2023-39968
https://github.com/jupyter-server/jupyter_server/commit/290362593b2ffb23c59f8114d76f77875de4b925
https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-r726-vmfq-j9j3
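
The description says post-login redirects should be restricted to Jupyter Server-served URLs. One way to enforce that restriction on a redirect target, as an added example that is not code from jupyter-server or from the fix commit. `safe_next`, `next_url` and `base_url` are hypothetical names, and the policy of accepting only server-relative paths is an assumption of this example.

```python
from urllib.parse import urlsplit


def safe_next(next_url: str, base_url: str = "/") -> str:
    """Return next_url if it is a path served under base_url, else base_url.

    Assumed policy for this example: only server-relative paths are valid
    post-login targets; absolute URLs are always refused.
    """
    base = base_url.rstrip("/") + "/"
    if not next_url:
        return base
    # Browsers treat "\" like "/", so "/\host" behaves as "//host". Encode it.
    url = next_url.replace("\\", "%5C")
    # Browsers strip tabs, newlines and leading control characters before
    # parsing, which can turn a harmless-looking value into "//host".
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        return base
    # Require one leading slash: "//host" and "///host" name another host.
    if not url.startswith("/") or url.startswith("//"):
        return base
    parts = urlsplit(url)
    # Defence in depth: a server-relative path has no scheme and no netloc.
    if parts.scheme or parts.netloc:
        return base
    # Keep the target inside the URL space this server actually serves.
    if not (parts.path + "/").startswith(base):
        return base
    return url


if __name__ == "__main__":
    # Constructed sample values for the login redirect target.
    samples = [
        "/lab/tree/notebook.ipynb",
        "https://example.invalid/",
        "//example.invalid/x",
        "https:///example.invalid/",
        "/\\example.invalid",
    ]
    for s in samples:
        print(f"{s!r:32} -> {safe_next(s)!r}")
```

Checking only for an empty `netloc` after parsing is not sufficient, because `urlsplit("https:///example.invalid/")` returns an empty `netloc` while browsers resolve a host from the same string.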

Comment 1 Cathy Hu 2023-08-29 07:27:08 UTC
Affected:
- SUSE:ALP:Source:Standard:1.0/python-jupyter-server  2.5.0
- openSUSE:Factory/python-jupyter-server              2.6.0

Comment 2 OBSbugzilla Bot 2023-08-29 08:05:02 UTC
This is an autogenerated message for OBS integration:
This bug (1214730) was mentioned in
https://build.opensuse.org/request/show/1107864 Factory / python-jupyter-server

Comment 3 Markéta Machová 2023-08-29 12:53:16 UTC
https://build.suse.de/request/show/306404, I hope it is the correct workflow

Comment 4 Robert Frohl 2024-05-29 12:17:19 UTC
done, closing