Lucene search
GoogleOSV:GHSA-CG54-GPGR-4RM6HistoryDec 09, 2020 - 4:27 p.m.
user-readable api tokens in systemd units for JupyterHub
2020-12-0916:27:43
Google
osv.dev
8
jupyterhub
systemd units
user api tokens
the-littlest-jupyterhub
systemdspawner
v0.15
security advisory
software
EPSS
0
Percentile
15.5%
Impact
user API tokens issued to single-user servers are specified in the environment of systemd units, which are accessible to all users.
In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default.
Patches
Patched in jupyterhub-systemdspawner v0.15
Workarounds
No workaround other than upgrading systemdspawner to 0.15
For more information
If you have any questions or comments about this advisory:
- Open a thread in the Jupyter forum
- Email us at [email protected]
References
github.com/jupyterhub/systemdspawner/blob/master/CHANGELOG.md#v015
github.com/jupyterhub/systemdspawner/commit/a4d08fd2ade1cfd0ef2c29dc221e649345f23580
github.com/jupyterhub/systemdspawner/security/advisories/GHSA-cg54-gpgr-4rm6
nvd.nist.gov/vuln/detail/CVE-2020-26261
pypi.org/project/jupyterhub-systemdspawner
Related
osv
osv
CVE-2020-26261
2020-12-09 17:15:30
PYSEC-2020-52
2020-12-09 17:15:00
cve
cve
CVE-2020-26261
2020-12-09 17:15:30
github
github
user-readable api tokens in systemd units for JupyterHub
2020-12-09 16:27:43
nvd
nvd
CVE-2020-26261
2020-12-09 17:15:30
cvelist
cvelist
CVE-2020-26261 user-readable api tokens in systemd units
2020-12-09 16:30:14
veracode
veracode
Information Disclosure
2020-12-11 03:42:35
prion
prion
Design/Logic Flaw
2020-12-09 17:15:00