79 matches found

Veracode
added 2024/06/13 6:34 a.m. | 15 views

Access Control Bypass

oauthenticator is vulnerable to Access Control Bypass. The vulnerability is due to the allow_all setting taking precedence over identity_provider, allowing attackers to log in without restriction based on the intended institutional identity provider configuration...

8.1 CVSS | 8 AI score | 0.00405 EPSS
Exploits 0 | References 3 | Affected Software 1
Chainguard
added 2024/06/12 5:13 p.m. | 4 views

GHSA-GPRJ-3P75-F996 vulnerabilities

Vulnerabilities for packages: py3-oauthenticator...

7.3 AI score
Exploits 0
vulnersOsv
added 2024/06/12 5:13 p.m. | 1 views

fabricauthenticator (>=0.0.2.5 <=1.3.4rc0), jupyterhub-ltiauthenticator (=1.3.0) +7 more potentially affected by CVE-2024-37300 via oauthenticator (>=14.0.0 <=16.2.1)

oauthenticator PYPI version =14.0.0, =0.0.2.5, =3.0.0, =1.0.2, =0.1.0, =1.1.9, =0.5.0, =0.2.25, =0.3.2 Source cves: CVE-2024-37300 Source advisory: OSV:GHSA-GPRJ-3P75-F996...

8.1 CVSS | 7.4 AI score | 0.00405 EPSS
Exploits 0
OSV
added 2024/06/12 5:13 p.m. | 11 views

GHSA-GPRJ-3P75-F996 Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0

Impact JupyterHub 5.0, when used with GlobusOAuthenticator, could be configured to allow all users from a particular institution only. The configuration for this would look like: python Require users to be using the "foo.horse" identity provider, often an institution or university...

8.1 CVSS | 7.8 AI score | 0.00405 EPSS
Exploits 0 | References 5
Wolfi
added 2024/06/12 5:13 p.m. | 92 views

GHSA-GPRJ-3P75-F996 vulnerabilities

Vulnerabilities for packages: py3-oauthenticator...

7.5 AI score
Exploits 0
Chainguard
added 2024/06/12 4:15 p.m. | 13 views

CVE-2024-37300 vulnerabilities

Vulnerabilities for packages: py3-oauthenticator...

8.1 CVSS | 6.9 AI score | 0.00405 EPSS
Exploits 0
Wolfi
added 2024/06/12 4:15 p.m. | 15 views

CVE-2024-37300 vulnerabilities

Vulnerabilities for packages: py3-oauthenticator...

8.1 CVSS | 7.2 AI score | 0.00405 EPSS
Exploits 0
NVD
added 2024/06/12 4:15 p.m. | 20 views

CVE-2024-37300

OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. JupyterHub 5.0, when used with GlobusOAuthenticator, could be configured to allow all users from a particular institution only. This worked fine prior to JupyterHub 5.0, because allow_all di...

8.1 CVSS | 0.00405 EPSS
Exploits 0 | References 3
CVE
added 2024/06/12 3:20 p.m. | 277 views

CVE-2024-37300

CVE-2024-37300 affects OAuthenticator used with JupyterHub when configured with GlobusOAuthenticator prior to version 5.0. In JupyterHub 5.0, the setting allow_all takes precedence over identity_provider, which can cause all users from any institution to log in, effectivel...

8.1 CVSS | 7.8 AI score | 0.00405 EPSS
Exploits 0 | References 3
OSV
added 2024/06/12 3:20 p.m. | 16 views

CVE-2024-37300 Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0

OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. JupyterHub 5.0, when used with GlobusOAuthenticator, could be configured to allow all users from a particular institution only. This worked fine prior to JupyterHub 5.0, because allow_all di...

8.1 CVSS | 7.6 AI score | 0.00405 EPSS
Exploits 0 | References 5
CNNVD
added 2024/06/12 12:0 a.m. | 3 views

OAuthenticator Security Vulnerability

OAuthenticator is an OAuth token library for the JupyterHub login handler. A security vulnerability exists in OAuthenticator version 16.3.0 and earlier, which stems from the fact that the allow_all configuration item took precedence over the identity_provider configuration item starting in JupyterHu...

8.1 CVSS | 6.8 AI score | 0.00405 EPSS
Exploits 0 | References 4
Veracode
added 2024/03/22 7:4 a.m. | 19 views

Authentication Bypass

oauthenticator is vulnerable to Authentication Bypass. The vulnerability exists due to insufficient validation of Google accounts, which allowed access to accounts created by anyone with emails ending with a specified domain...

7.5 CVSS | 6.6 AI score | 0.00589 EPSS
Exploits 0 | References 3 | Affected Software 1
Chainguard
added 2024/03/20 9:15 p.m. | 34 views

CVE-2024-29033 vulnerabilities

Vulnerabilities for packages: py3-oauthenticator...

9.1 CVSS | 7.1 AI score | 0.00589 EPSS
Exploits 0
Wolfi
added 2024/03/20 9:15 p.m. | 27 views

CVE-2024-29033 vulnerabilities

Vulnerabilities for packages: py3-oauthenticator...

9.1 CVSS | 7.2 AI score | 0.00589 EPSS
Exploits 0
NVD
added 2024/03/20 9:15 p.m. | 27 views

CVE-2024-29033

OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. GoogleOAuthenticator.hosted_domain is used to restrict what Google accounts can be authorized access to a JupyterHub. The...

9.1 CVSS | 7.4 AI score | 0.00589 EPSS
Exploits 0 | References 3
Vulnrichment
added 2024/03/20 8:36 p.m. | 10 views

CVE-2024-29033 GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace

OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. GoogleOAuthenticator.hosted_domain is used to restrict what Google accounts can be authorized access to a JupyterHub. The...

7.5 CVSS | 6.6 AI score | 0.00589 EPSS
Exploits 0 | References 3
CVE
added 2024/03/20 8:36 p.m. | 349 views

CVE-2024-29033

CVE-2024-29033 concerns GoogleOAuthenticator.hosted_domain in OAuthenticator for JupyterHub. The root issue is that prior to version 16.3.0 the restriction was applied to Google accounts by email domain rather than guaranteed membership in a Google organization/workspace, allowing accounts create...

9.1 CVSS | 7.4 AI score | 0.00589 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2024/03/20 8:36 p.m. | 20 views

CVE-2024-29033 GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace

OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. GoogleOAuthenticator.hosted_domain is used to restrict what Google accounts can be authorized access to a JupyterHub. The...

7.5 CVSS | 7.3 AI score | 0.00589 EPSS
Exploits 0 | References 5
Chainguard
added 2024/03/20 6:2 p.m. | 10 views

GHSA-55M3-44XF-HG4H vulnerabilities

Vulnerabilities for packages: py3-oauthenticator...

7.3 AI score
Exploits 0
vulnersOsv
added 2024/03/20 6:2 p.m. | 2 views

fabricauthenticator (>=0.0.2.5 <=1.3.4rc0), jupyterhub-ltiauthenticator (=1.3.0) +7 more potentially affected by CVE-2024-29033 via oauthenticator (>=14.0.0 <=16.2.1)

oauthenticator PYPI version =14.0.0, =0.0.2.5, =3.0.0, =1.0.2, =0.1.0, =1.1.9, =0.5.0, =0.2.25, =0.3.2 Source cves: CVE-2024-29033 Source advisory: OSV:GHSA-55M3-44XF-HG4H...

9.1 CVSS | 7.2 AI score | 0.00589 EPSS
Exploits 0