2 matches found
PT-2026-25887
Apache Airflow versions 3.1.0 through 3.1.7 session token token in cookies is set to path=/ regardless of the configured webserver base url or api base url. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...
CVE-2024-29033
OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. GoogleOAuthenticator.hosteddomain is used to restrict what Google accounts can be authorized access to a JupyterHub. The...