EUVD-2018-0080

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

JupyterHub OAuthenticator flaw allows account creation by non-whitelisted GitLab group members

Reporter	Title	Published	Views	Family All 10
CVE	CVE-2018-7206	18 Feb 201803:00	–	cve
Cvelist	CVE-2018-7206	18 Feb 201803:00	–	cvelist
Github Security Blog	JupyterHub OAuthenticator elevation of privilege	13 May 202201:12	–	github
NVD	CVE-2018-7206	18 Feb 201803:29	–	nvd
OSV	GHSA-8X3M-M3X9-54FJ JupyterHub OAuthenticator elevation of privilege	13 May 202201:12	–	osv
OSV	PYSEC-2018-68	18 Feb 201803:29	–	osv
Prion	Design/Logic Flaw	18 Feb 201803:29	–	prion
PyPA	PYSEC-2018-151	18 Feb 201803:29	–	pypa
PyPA	PYSEC-2018-68	18 Feb 201803:29	–	pypa
Veracode	Unauthorized Account Creation	20 Feb 201805:01	–	veracode

[
  {
    "enisaIdVendor": [
      {
        "id": "303c279a-1f96-3e02-b5b6-99f09c3044e4",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "59d7924c-3db3-3076-b5ad-37d5ce182d52",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
blog	www.blog.jupyter.org/security-fix-for-jupyterhub-gitlab-oauthenticator-7b14571d1f76
github	www.github.com/jupyterhub/oauthenticator/commit/1845c0e4b1bff3462c91c3108c85205acd3c75a2
github	www.github.com/jupyterhub/oauthenticator/blob/8499dc2/CHANGELOG.md
github	www.github.com/jupyterhub/oauthenticator/blob/8499dc2/CHANGELOG.md
github	www.github.com/advisories/GHSA-8x3m-m3x9-54fj
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-7206
github	www.github.com/pypa/advisory-database/tree/main/vulns/jupyterhub/PYSEC-2018-151.yaml
github	www.github.com/pypa/advisory-database/tree/main/vulns/oauthenticator/PYSEC-2018-68.yaml
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

8.5High risk

Vulners AI Score8.5

CVSS 3.18.8

CVSS 26.5

EPSS0.00651