12 matches found
EUVD-2020-0092
Malware in sbrugna...
Unspecified vulnerability in jupyterhub-kubespawner
jupyterhub-kubespawner is a package for spawning single-user notebook servers on Kubernetes clusters. A security vulnerability in versions of jupyterhub-kubespawner prior to 0.12 can be exploited by an attacker to access the default server of another user with the same username...
GHSA-V7M9-9497-P9GR Possible pod name collisions in jupyterhub-kubespawner
Impact
What kind of vulnerability is it? Who is impacted?
JupyterHub deployments using:
- KubeSpawner = 0.11.1 (e.g. zero-to-jupyterhub 0.9.0), and
- enabled namedservers (not default), and
- an Authenticator that allows:
  - usernames with hyphens or other characters that require escape e.g. user-hyphe...
Possible pod name collisions in jupyterhub-kubespawner
Impact
What kind of vulnerability is it? Who is impacted?
JupyterHub deployments using:
- KubeSpawner = 0.11.1 (e.g. zero-to-jupyterhub 0.9.0), and
- enabled namedservers (not default), and
- an Authenticator that allows:
  - usernames with hyphens or other characters that require escape e.g. user-hyphe...
CVE-2020-15110
In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12...
CVE-2020-15110
In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12...
PYSEC-2020-51
In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12...
PYSEC-2020-51
In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12...
Code injection
In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12...
jupyterhubutils (>=0.11.0 <=0.12.0), wfdispatcher (=0.2.2) potentially affected by CVE-2020-15110 via jupyterhub-kubespawner (=0.11.1)
jupyterhub-kubespawner PYPI version =0.11.1 is affected by a known vulnerability. The following packages have a transitive dependency on jupyterhub-kubespawner and may be impacted: - jupyterhubutils =0.11.0, =0.12.0 - wfdispatcher =0.2.2 Source cves: CVE-2020-15110 Source advisory: OSV:PYSEC-2020...
CVE-2020-15110
CVE-2020-15110 affects jupyterhub-kubespawner. Before version 0.12, some usernames could craft server names enabling access to another user’s default server with the same username. The issue has been fixed in 0.12. Remediation: upgrade to 0.12 or later (as indicated by the connected advisories).
CVE-2020-15110 Possible pod name collisions in jupyterhub-kubespawner
In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12...