FreeBSD : Jupyter notebook -- open redirect vulnerability (fe7e322f-522d-11e9-98b5-216e512dad89)

medium Nessus Plugin ID 123540

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Jupyter blog :

Login pages tend to take a parameter for redirecting back to a page after successful login, e.g. /login?next=/notebooks/mynotebook.ipynb, so that you aren't disrupted too much if you try to visit a page, but have to authenticate first. An Open Redirect Vulnerability is when a malicious person crafts a link pointing to the login page of a trusted site, but setting the 'redirect after successful login' parameter to send the user to their own site, instead of a page on the authenticated site (the notebook or JupyterHub server), e.g.
/login?next=http://badwebsite.biz. This doesn't necessarily compromise anything immediately, but it enables phishing if users don't notice that the domain has changed, e.g. by showing a fake 're-enter your password' page. Servers generally have to validate the redirect URL to avoid this. Both JupyterHub and Notebook already do this, but the validation didn't take into account all possible ways to redirect to other sites, so some malicious URLs could still be crafted to redirect away from the server (the above example does not work in any recent version of either package). Only certain browsers (Chrome and Firefox, not Safari) could be redirected from the JupyterHub login page, but all browsers could be redirected away from a standalone notebook server.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?57bc774a

http://www.nessus.org/u?1ee366c1

http://www.nessus.org/u?765540ed

Plugin Details

Severity: Medium

ID: 123540

File Name: freebsd_pkg_fe7e322f522d11e998b5216e512dad89.nasl

Version: 1.3

Type: local

Published: 4/1/2019

Updated: 1/27/2020

Risk Information

VPR

Risk Factor: Low

Score: 3

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:py27-notebook, p-cpe:/a:freebsd:freebsd:py35-notebook, p-cpe:/a:freebsd:freebsd:py36-notebook, p-cpe:/a:freebsd:freebsd:py37-notebook, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 3/29/2019

Vulnerability Publication Date: 3/28/2019

Reference Information

CVE: CVE-2019-10255