5 matches found
CVE-2024-29033
OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. GoogleOAuthenticator.hosteddomain is used to restrict what Google accounts can be authorized access to a JupyterHub. The...
CVE-2024-29033 GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace
OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. GoogleOAuthenticator.hosteddomain is used to restrict what Google accounts can be authorized access to a JupyterHub. The...
CVE-2024-29033 GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace
OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. GoogleOAuthenticator.hosteddomain is used to restrict what Google accounts can be authorized access to a JupyterHub. The...
CVE-2024-29033 GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace
OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. GoogleOAuthenticator.hosteddomain is used to restrict what Google accounts can be authorized access to a JupyterHub. The...
CVE-2024-29033
CVE-2024-29033 concerns GoogleOAuthenticator.hosted_domain in OAuthenticator for JupyterHub. The root issue is that prior to version 16.3.0 the restriction was applied to Google accounts by email domain rather than guaranteed membership in a Google organization/workspace, allowing accounts create...