7 matches found
CVE-2025-23205
nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration of enablesubdomai...
CVE-2025-23205
nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration of enablesubdomai...
CVE-2025-23205
creationtimestamp| type| source ---|---|--- 2025-01-17 20:57:55+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/2209 2025-01-17 21:15:49+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfxpp44wsa2r 2025-01-17 22:39:14+00:00| seen|...
CVE-2025-23205 `frame-ancestors: self` grants all users access to formgrader in nbgrader
nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration of enablesubdomai...
CVE-2025-23205 `frame-ancestors: self` grants all users access to formgrader in nbgrader
nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration of enablesubdomai...
CVE-2025-23205 `frame-ancestors: self` grants all users access to formgrader in nbgrader
nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration of enablesubdomai...
CVE-2025-23205
CVE-2025-23205 affects nbgrader. Enabling frame-ancestors: 'self' can allow any JupyterHub user to extract content from the formgrader iframe when default JupyterHub config enable_subdomains is False, enabling an attacker to load the formgrader page with another user’s credentials. The issue has ...