Lucene search
GitHub_MCVELIST:CVE-2020-15110HistoryJul 17, 2020 - 8:45 p.m.
CVE-2020-15110 Possible pod name collisions in jupyterhub-kubespawner
2020-07-1720:45:13
CWE-863
GitHub_M
www.cve.org
2
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
8
Confidence
High
EPSS
0.001
Percentile
30.1%
In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12.
CNA Affected
[
{
"product": "kubespawner",
"vendor": "jupyterhub",
"versions": [
{
"status": "affected",
"version": "< 0.12"
}
]
}
]Related
osv
osv
CVE-2020-15110
2020-07-17 21:15:12
PYSEC-2020-51
2020-07-17 21:15:00
Possible pod name collisions in jupyterhub-kubespawner
2020-07-22 23:07:16
cve
cve
CVE-2020-15110
2020-07-17 21:15:12
github
github
Possible pod name collisions in jupyterhub-kubespawner
2020-07-22 23:07:16
veracode
veracode
Authorization Bypass
2020-07-20 02:10:47
prion
prion
Code injection
2020-07-17 21:15:00
nvd
nvd
CVE-2020-15110
2020-07-17 21:15:12
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
8
Confidence
High
EPSS
0.001
Percentile
30.1%
Related for CVELIST:CVE-2020-15110