4 matches found
Privilege Escalation
JupyterHub is vulnerable to Privilege Escalation. The vulnerability is due to improper management of the admin:users scope in users.py, which unintentionally allows users to elevate their privileges to full admin status...
CVE-2024-41942
JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that...
JupyterHub has a privilege escalation vulnerability with the `admin:users` scope
Summary: If a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. Details: The admin:users scope allows a user to edit user records: admin:users: Read, write, create and delete users and their authentication state, not including their...
CVE-2024-41942 JupyterHub has a privilege escalation vulnerability with the `admin:users` scope
JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that...