
CVE-2020-26232: Open redirect in Jupyter Server

CVSS Score (v3.1): 4.1

Basic Information

EPSS Score: 0.46085%
Published: 11/24/2020
Updated: 9/23/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Package Name: jupyter-server
Ecosystem: pip
Vulnerable Versions: < 1.0.6
First Patched Version: 1.0.6

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The commit diff shows critical changes to the TrailingSlashHandler's get method in handlers.py. The vulnerability stemmed from how URI paths were processed:

  1. Original code used request.path.rstrip('/') which could leave leading slashes
  2. This allowed paths like '//example.com' to be normalized to '/example.com'
  3. The redirect logic didn't properly validate the resulting path, enabling external domain redirects
  4. The patch added proper path sanitization (trimming both leading/trailing slashes) to prevent this vector
  5. The CVE description explicitly mentions this was an open redirect in URI handling
  6. The vulnerability type (CWE-601) matches the pattern of improper redirect validation
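Added example (not jupyter-server's own code; function names are assumed) contrasting the trailing-slash-only normalization with the strip-both-ends form the patch introduced, plus a check that a redirect target cannot leave the origin:

```python
# Added illustration, not jupyter-server's own code: the two path
# normalizations described in the root-cause analysis, with a check that a
# redirect target stays on the same origin. Function names are assumed.
from urllib.parse import urlsplit


def normalize_vulnerable(uri: str) -> str:
    """Pre-1.0.6 behaviour as described above: only trailing slashes go.

    A request for '//example.com/' therefore becomes '//example.com', which a
    browser treats as a scheme-relative URL pointing at another host.
    """
    return uri.rstrip("/")


def normalize_patched(uri: str) -> str:
    """Patched behaviour as described above: strip leading *and* trailing
    slashes from the path part, then prepend exactly one '/', so repeated
    leading slashes can no longer form a scheme-relative URL. The query
    string (if any) is preserved untouched.
    """
    path, sep, query = uri.partition("?")
    return "/" + path.strip("/") + sep + query


def is_same_origin_target(target: str) -> bool:
    """True when a Location value can only resolve to the current origin.

    Rejects absolute URLs (scheme or netloc present) and anything starting
    with '//', which browsers resolve against a different host (CWE-601).
    """
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return False
    return target.startswith("/") and not target.startswith("//")


if __name__ == "__main__":
    # Constructed sample requests: a normal trailing-slash URL and two
    # crafted with repeated leading slashes.
    for uri in ("/tree/?token=abc", "//example.com/", "///example.com/"):
        before = normalize_vulnerable(uri)
        after = normalize_patched(uri)
        print(f"{uri!r:20} vulnerable -> {before!r:18} same-origin: {is_same_origin_target(before)}")
        print(f"{'':20} patched    -> {after!r:18} same-origin: {is_same_origin_target(after)}")
```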

Impact

What kind of vulnerability is it? Who is impacted?

Open redirect vulnerability - a maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, t
