Vulnerabilities

CVE-2020-15110

by Fred · 17/07/2020

In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12.

Date published : 2020-07-17

https://github.com/jupyterhub/kubespawner/commit/3dfe870a7f5e98e2e398b01996ca6b8eff4bb1d0

https://github.com/jupyterhub/kubespawner/security/advisories/GHSA-v7m9-9497-p9gr

Similar

Tags: Cybersecurity Alert