CVE-2020-15110
6.8
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| jupyterhub | kubespawner | < 0.12 | affected |
Weaknesses
- CWE-863: CWE-863: Incorrect Authorization
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/jupyterhub/kubespawner/security/advisories/GHSA-v7m9-9497-p9gr
- https://github.com/jupyterhub/kubespawner/commit/3dfe870a7f5e98e2e398b01996ca6b8eff4bb1d0
References
- https://github.com/jupyterhub/kubespawner/security/advisories/GHSA-v7m9-9497-p9gr
- https://github.com/jupyterhub/kubespawner/commit/3dfe870a7f5e98e2e398b01996ca6b8eff4bb1d0
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.