5 matches found
cylc-uiserver (>=0.1.0 <=0.2.0), jhub-shibboleth-auth (>=1.0.0 <=1.5.0) +4 more potentially affected by CVE-2020-36191 via jupyterhub (>=0.8.1 <=1.1.0)
jupyterhub PYPI version =0.8.1, =0.1.0, =1.0.0, =0.2.0, =0.1.0, =0.0.1, =0.0.2, =0.0.9 Source cves: CVE-2020-36191 Source advisory: OSV:GHSA-7XX3-QP5W-FW96...
DEBIAN-CVE-2020-36191
JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an xsrf field, as demonstrated by a /hub/api/user request to add or remove a user account...
UBUNTU-CVE-2020-36191
JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an xsrf field, as demonstrated by a /hub/api/user request to add or remove a user account...
cylc-uiserver (>=0.1.0 <=0.2.0), jhub-shibboleth-auth (>=1.0.0 <=1.5.0) +4 more potentially affected by CVE-2020-36191 via jupyterhub (>=0.8.1 <=1.1.0)
jupyterhub PYPI version =0.8.1, =0.1.0, =1.0.0, =0.2.0, =0.1.0, =0.0.1, =0.0.2, =0.0.9 Source cves: CVE-2020-36191 Source advisory: OSV:PYSEC-2021-67...
CVE-2020-36191
CVE-2020-36191 affects JupyterHub 1.1.0 where CSRF is possible in the admin panel via a request that omits the _xsrf field, demonstrated by a /hub/api/user request for adding or removing a user account. The issue is a CSRF vulnerability in the admin interface that can be exploited by authenticate...