Lucene search

8 matches found

NVD
added 2022/06/09 1:15 p.m., 9 views

CVE-2022-31027

OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps...

6.5 CVSS, 0.00267 EPSS
Exploits 0, References 1

Prion
added 2022/06/09 1:15 p.m., 17 views

Authorization

OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps...

4 CVSS, 6.4 AI score, 0.00267 EPSS
Exploits 0, References 1, Affected Software 1

PyPA
added 2022/06/09 1:15 p.m., 7 views

PYSEC-2022-206

OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps...

6.5 CVSS, 6.8 AI score, 0.00267 EPSS
Exploits 0, References 1, Affected Software 1

Veracode
added 2022/06/07 11:10 a.m., 21 views

Authorization Bypass

oauthenticator is vulnerable to authorization bypass. The vulnerability exists because CILogonOAuthenticator doesn't properly validate the email address which allows an attacker to get access to the JupyterHub...

6.5 CVSS, 6.2 AI score, 0.00267 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2022/06/06 9:21 p.m., 27 views

GHSA-R7V4-JWX9-WX43 Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator

Background: CILogon is a federated auth provider that allows users to authenticate themselves via a number of Identity Providers (IdP), focused primarily on educational and research institutions such as Universities. More traditional and open IdPs such as GitHub, ORCID, Google, Microsoft, etc are al...

4.2 CVSS, 5.1 AI score, 0.00267 EPSS
Exploits 0, References 5

OSV
added 2022/06/06 9:15 p.m., 17 views

CVE-2022-31027 Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator in oauthenticator

OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps...

4.2 CVSS, 6.4 AI score, 0.00267 EPSS
Exploits 0, References 3

Vulnrichment
added 2022/06/06 9:15 p.m., 7 views

CVE-2022-31027 Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator in oauthenticator

OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps...

4.2 CVSS, 6.4 AI score, 0.00267 EPSS
Exploits 0, References 1

CVE
added 2022/06/06 9:15 p.m., 612 views

CVE-2022-31027

CVE-2022-31027 affects the OAuthenticator/CILogonOAuthenticator used by JupyterHub. The root cause is that allowed_idps is validated only by email domain, not by IdP (provider) identity, allowing login via an alternate IdP with an email address in an allowed domain (e.g., berkeley.edu) to bypass intended restriction...

6.5 CVSS, 5.2 AI score, 0.00267 EPSS
Exploits 0, References 1, Affected Software 1