Lucene search
CVE-2024-37300
OAuthenticator allows OAuth2 identity providers to be used with JupyterHub. Prior to JupyterHub 5.0, 'GlobusOAuthenticator' could allow all users from a specific institution, but after the update, 'allow_all' takes precedence over 'identity_provider', allowing all users to login irrespective of the identity provider
Show more
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | CVE-2024-37300 vulnerabilities | 12 Jun 202416:15 | – | cgr |
 | CVE-2024-37300 | 12 Jun 202416:15 | – | nvd |
 | GHSA-GPRJ-3P75-F996 Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0 | 12 Jun 202417:13 | – | osv |
| CGA-QWCG-8RGG-JFQM | 13 Jun 202416:06 | – | osv |
| CVE-2024-37300 | 12 Jun 202416:15 | – | osv |
 | CVE-2024-37300 vulnerabilities | 12 Jun 202416:15 | – | wolfi |
 | CVE-2024-37300 Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0 | 12 Jun 202415:20 | – | cvelist |
 | CVE-2024-37300 | 5 Feb 202500:47 | – | redhatcve |
 | Access Control Bypass | 13 Jun 202406:34 | – | veracode |
 | Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0 | 12 Jun 202417:13 | – | github |
10
Node
[
{
"vendor": "jupyterhub",
"product": "oauthenticator",
"versions": [
{
"version": "< 16.3.1",
"status": "affected"
}
]
}
]Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo12 Jun 2024 16:15Current
7.8High risk
Vulners AI Score7.8
CVSS38.1
EPSS0.00168