11 matches found
EUVD-2023-3219
Malicious code in bioql PyPI...
CVE-2023-48311
dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying DockerSpawner.allowed_images configuration allow users to launch any pullable docker image, instead of restricting to...
Default credentials
dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying DockerSpawner.allowed_images configuration allow users to launch any pullable docker image, instead of restricting to...
CVE-2023-48311 Any image allowed by default
dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying DockerSpawner.allowed_images configuration allow users to launch any pullable docker image, instead of restricting to...
CVE-2023-48311
CVE-2023-48311 affects dockerspawner for JupyterHub deployments. Versions 0.11.0 through 12 (and up to 13 in some advisories) permit users to launch any pullable Docker image when DockerSpawner.allowed_images is not explicitly restricted, instead of only the configured image. Root cause: misconfi...
CVE-2023-48311 Any image allowed by default
dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying DockerSpawner.allowed_images configuration allow users to launch any pullable docker image, instead of restricting to...
DockerSpawner allows any image by default
Impact: Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying DockerSpawner.allowed_images configuration allow users to launch any pullable image, instead of restricting to only the single configured image, as intended. Patches: Upgrade to DockerSpawner 13...
swanspawner (>=0.2.0 <=1.2.48), tljh-repo2docker (>=1.0.1 <=2.0.0a5) potentially affected by CVE-2023-48311 via dockerspawner (>=0.11.1 <=12.1.0)
dockerspawner PYPI version =0.11.1, =0.2.0, =1.0.1, =2.0.0a5 Source cves: CVE-2023-48311 Source advisory: OSV:GHSA-HFGR-H3VC-P6C2...
GHSA-HFGR-H3VC-P6C2 DockerSpawner allows any image by default
Impact: Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying DockerSpawner.allowed_images configuration allow users to launch any pullable image, instead of restricting to only the single configured image, as intended. Patches: Upgrade to DockerSpawner 13...
dockerspawner Security Vulnerabilities
dockerspawner is a tool for spawning JupyterHub single-user servers in Docker containers. A security vulnerability exists in dockerspawner version 0.11.0 up to and including version 13.0, which stems from allowing a user to launch any image that can be pulled, rather than being limited to a singl...
PT-2023-30774 · Unknown · Jupyterhub +1
Name of the Vulnerable Software and Affected Versions: DockerSpawner versions 0.11.0 through 12 Description: The issue affects JupyterHub deployments running DockerSpawner, allowing users to launch any pullable Docker image instead of restricting to the single configured image. This has been...