79 matches found
CVE-2020-26250
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the configuration Authenticator.whitelist, deprecated in JupyterHub 1.2, which should be transparently mapped to Authenticator.allowed_users with a warning, is instead ignored by...
Design/Logic Flaw
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the configuration Authenticator.whitelist, deprecated in JupyterHub 1.2, which should be transparently mapped to Authenticator.allowed_users with a warning, is instead ignored by...
PYSEC-2020-68
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the configuration Authenticator.whitelist, deprecated in JupyterHub 1.2, which should be transparently mapped to Authenticator.allowed_users with a warning, is instead ignored by...
PYSEC-2020-68
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the configuration Authenticator.whitelist, deprecated in JupyterHub 1.2, which should be transparently mapped to Authenticator.allowed_users with a warning, is instead ignored by...
CVE-2020-26250
CVE-2020-26250 affects OAuthenticator (used by JupyterHub). In versions 0.12.0–0.12.1, the deprecated Authenticator.whitelist is ignored, effectively allowing any authenticated user if no group restrictions exist. Provider-based restrictions are unaffected. A log line such as Not using allowed_us...
CVE-2020-26250 Base class whitelist configuration ignored in OAuthenticator
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the configuration Authenticator.whitelist, deprecated in JupyterHub 1.2, which should be transparently mapped to Authenticator.allowed_users with a warning, is instead ignored by...
Base class whitelist configuration ignored in OAuthenticator
Impact What goes wrong? The configuration Authenticator.whitelist, deprecated in JupyterHub 1.2, which should be transparently mapped to Authenticator.allowed_users with a warning, is instead ignored by OAuthenticator classes, resulting in the same behavior as if this configuration has not been set...
GHSA-384W-5V3F-Q499 Base class whitelist configuration ignored in OAuthenticator
Impact What goes wrong? The configuration Authenticator.whitelist, deprecated in JupyterHub 1.2, which should be transparently mapped to Authenticator.allowed_users with a warning, is instead ignored by OAuthenticator classes, resulting in the same behavior as if this configuration has not been set...
JupyterHub Oauthenticator Security Vulnerability
JupyterHub is a multi-user server for Jupyter. A security vulnerability exists in JupyterHub Oauthenticator that stems from the Authenticator.whitelist configuration allowing all authenticated users...
Information Disclosure
Moodle uses insecure access control. The deprecated configuration Authenticator.whitelist, which should be transparently mapped to Authenticator.allowed_users with a warning, is instead ignored by OAuthenticator classes, resulting in the same behavior as if this configuration has not been set. If...
Unauthorized Account Creation
OAuthenticator is vulnerable to unauthorized account creation. The library does not properly check group membership when used with JupyterHub for GitLab whitelisting access control, allowing a malicious user to create accounts on the Hub...
Design/Logic Flaw
An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on...
PYSEC-2018-151
An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on...
PYSEC-2018-151
An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on...
CVE-2018-7206
An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on...
PYSEC-2018-68
An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on...
CVE-2018-7206
An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on...
CVE-2018-7206
An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on...
CVE-2018-7206
The CVE relates to JupyterHub OAuthenticator in Project Jupyter JupyterHub, where GitLab group whitelisting was not enforced correctly. Affected versions are OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. The flaw could let whitelisted-group members fail to be required for account crea...