Lucene search
K

9 matches found

Vulnrichment
Vulnrichment
added 2026/04/03 9:56 p.m.3 views

CVE-2026-33175 OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims

OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to version 17.4.0, an authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email address on an Auth0 tenant to login to JupyterHub. When email i...

8.8CVSS5.8AI score0.00438EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:18 a.m.7 views

CVE-2025-23205

nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration of enablesubdomai...

6.9CVSS6.8AI score0.00453EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.30 views

CVE-2022-31027

OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowedidps...

6.5CVSS6.7AI score0.00434EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.16 views

EUVD-2020-0093

Malware in sbrugna...

7.9CVSS7.8AI score0.00471EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-0080

Malware in sbrugna...

8.8CVSS8.5AI score0.01771EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/22 9:21 p.m.11 views

CVE-2021-41194

FirstUseAuthenticator is a JupyterHub authenticator that helps new users set their password on their first login to JupyterHub. When JupyterHub is used with FirstUseAuthenticator, a vulnerability in versions prior to 1.0.0 allows unauthorized access to any user's account if createusers=True and t...

9.8CVSS6.8AI score0.01323EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:33 p.m.6 views

CVE-2020-36191

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an xsrf field, as demonstrated by a /hub/api/user request to add or remove a user account...

4.5CVSS6.8AI score0.00499EPSS
Exploits1
Cvelist
Cvelist
added 2025/01/17 8:23 p.m.11 views

CVE-2025-23205 `frame-ancestors: self` grants all users access to formgrader in nbgrader

nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration of enablesubdomai...

6.9CVSS0.00453EPSS
Exploits0References4
Chainguard
Chainguard
added 2024/08/08 3:15 p.m.7 views

CVE-2024-41942 vulnerabilities

Vulnerabilities for packages: py3-jupyterhub...

7.2CVSS6.9AI score0.0059EPSS
Exploits0
Rows per page
Query Builder