The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability CVE-2019-10255 CVE-2019-10856

Jupyter Notebook: open redirect

Synthesis of the vulnerability

An attacker can deceive the user of Jupyter Notebook, in order to redirect him to a malicious site.
Vulnerable products: Jupyter Notebook.
Severity of this weakness: 1/4.
Consequences of a hack: user access/rights, data reading.
Hacker's origin: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 28/03/2019.
Références of this bulletin: CVE-2019-10255, CVE-2019-10856, VIGILANCE-VUL-28890.

Description of the vulnerability

The Jupyter Notebook product offers a web service.

However, the web service accepts to redirect the victim with no warning, to an external site indicated by the attacker.

An attacker can therefore deceive the user of Jupyter Notebook, in order to redirect him to a malicious site.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a network vulnerability patch. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The technology watch team tracks security threats targeting the computer system.