Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.30 views

CVE-2022-31027

OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowedidps...

6.5CVSS6.7AI score0.00434EPSS
Exploits0References1
NVD
NVD
added 2022/06/09 1:15 p.m.64 views

CVE-2022-31027

OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowedidps...

6.5CVSS0.00434EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/06/09 1:15 p.m.8 views

keycloakauthenticator (>=3.0.0 <=3.1.0), ssb-ipython-kernels (>=0.2.25 <=0.3.2) potentially affected by CVE-2022-31027 via oauthenticator (>=14.0.0 <=14.2.0)

oauthenticator PYPI version =14.0.0, =3.0.0, =0.2.25, =0.3.2 Source cves: CVE-2022-31027 Source advisory: OSV:PYSEC-2022-206...

6.5CVSS6.5AI score0.00434EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/06/06 9:21 p.m.9 views

keycloakauthenticator (>=3.0.0 <=3.1.0), ssb-ipython-kernels (>=0.2.25 <=0.3.2) potentially affected by CVE-2022-31027 via oauthenticator (>=14.0.0 <=14.2.0)

oauthenticator PYPI version =14.0.0, =3.0.0, =0.2.25, =0.3.2 Source cves: CVE-2022-31027 Source advisory: OSV:GHSA-R7V4-JWX9-WX43...

6.5CVSS6.5AI score0.00434EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2022/06/06 9:15 p.m.8 views

CVE-2022-31027 Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator in oauthenticator

OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowedidps...

4.2CVSS6.4AI score0.00434EPSS
Exploits0References1
CVE
CVE
added 2022/06/06 9:15 p.m.632 views

CVE-2022-31027

CVE-2022-31027 affects the OAuthenticator/CILogonOAuthenticator used by JupyterHub. The root cause is that allowed_idps is validated only by email domain, not by IdP (provider) identity, allowing login via an alternate IdP with a @domained email (e.g., berkeley.edu) to bypass intended restriction...

6.5CVSS5.2AI score0.00434EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder