17 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-41942
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the...
CVE-2022-41942
Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the /list-gitolite endpoint. It...
CVE-2024-41942
creationtimestamp | type | source
---|---|---
2024-08-08 18:04:36+00:00 | seen | https://t.me/cvedetector/2796...
CVE-2024-41942 vulnerabilities
Vulnerabilities for packages: py3-jupyterhub...
conda-store (>=2024.6.1 <=2024.11.2), cylc-uiserver (>=0.1.0 <=0.3.0) +13 more potentially affected by CVE-2024-41942 via jupyterhub (>=0.8.1 <=4.0.2)
jupyterhub PYPI version =0.8.1, =2024.6.1, =0.1.0, =0.0.4, =1.3.7, =1.0.0, =0.2.0, =0.1.0, =0.0.0, =0.1.0, =0.10.0, =0.2.25, =0.0.1, =0.1.0, =0.0.2, =0.0.9 Source cves: CVE-2024-41942 Source advisory: OSV:GHSA-9X4Q-3GXW-849F...
pythoncharmers-meta (>=0.1.0 <=0.2.1) potentially affected by CVE-2024-41942 via jupyterhub (=5.0.0b2)
jupyterhub PYPI version =5.0.0b2 is affected by a known vulnerability. The following packages have a transitive dependency on jupyterhub and may be impacted: - pythoncharmers-meta =0.1.0, =0.2.1 Source cves: CVE-2024-41942 Source advisory: OSV:GHSA-9X4Q-3GXW-849F...
CVE-2024-41942 JupyterHub has a privilege escalation vulnerability with the `admin:users` scope
JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that...
CVE-2023-41942
creationtimestamp | type | source
---|---|---
2024-01-03 12:30:24+00:00 | seen | https://t.me/arpsyndicate/2319...
CVE-2023-41942
A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...
CVE-2023-41942
A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...
CVE-2023-41942
The CVE-2023-41942 entry concerns a CSRF vulnerability in the Jenkins AWS CodeCommit Trigger Plugin. Affected software: Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12 and earlier. Root cause: cross-site request forgery that enables an attacker to clear the SQS queue. Impact: described as a...
CVE-2023-41942
A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...
CVE-2022-41942
creationtimestamp | type | source
---|---|---
2022-11-22 22:13:14+00:00 | seen | https://t.me/cibsecurity/53373...
CVE-2022-41942 Sourcegraph vulnerable to Command Injection via gitserver
Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the /list-gitolite endpoint. It...
CVE-2022-41942
CVE-2022-41942 affects Sourcegraph’s gitserver component. A command injection existed in the /list-gitolite endpoint due to lack of input validation on the host parameter, exploitable only if an attacker can send local requests to gitserver. Affected versions are those prior to 4.1.0; the issue i...
CVE-2021-41942
creationtimestamp | type | source
---|---|---
2022-04-29 16:25:08+00:00 | seen | https://t.me/cibsecurity/41632...
CVE-2021-41942
CVE-2021-41942 affects the Magic CMS MSVOD v10 video system. The connected documents consistently describe an SQL injection vulnerability in this product, enabling attackers to obtain sensitive information from the database. The sources do not provide exploitation details, affected subsystems bey...