79 matches found
CVE-2026-33175 vulnerabilities
Vulnerabilities for packages: py3-oauthenticator...
GHSA-RRVG-CXH4-QHRV vulnerabilities
Vulnerabilities for packages: py3-oauthenticator...
CVE-2026-33175
OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to version 17.4.0, an authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email address on an Auth0 tenant to log in to JupyterHub. When email i...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the authentication when username_claim is set to email and email verification is not enforced. An attacker can gain unauthorized access and potentially take over accounts by using an unverified email address o...
CVE-2026-33175 OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims
OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to version 17.4.0, an authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email address on an Auth0 tenant to log in to JupyterHub. When email i...
GHSA-RRVG-CXH4-QHRV Auth0OAuthenticator has an Authentication Bypass via Unverified Email Claims
Summary An authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email address on an Auth0 tenant to log in to JupyterHub. When email is used as the username_claim, this gives users control over their username and the possibility of account takeover. Impact This...
Auth0OAuthenticator has an Authentication Bypass via Unverified Email Claims
Summary An authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email address on an Auth0 tenant to log in to JupyterHub. When email is used as the username_claim, this gives users control over their username and the possibility of account takeover. Impact This...
fabricauthenticator (>=0.0.2.5 <=1.3.4rc0), jupyterhub-ltiauthenticator (=1.3.0) +11 more potentially affected by CVE-2026-33175 via oauthenticator (>=0.13.0 <=16.3.1)
oauthenticator PYPI version =0.13.0, =0.0.2.5, =0.11.0, =0.9.1, =3.0.0, =1.0.2, =0.1.0, =1.1.9, =0.5.0, =0.30.1, =0.2.25, =0.0.2, =0.4.2 Source cves: CVE-2026-33175 Source advisory: OSV:GHSA-RRVG-CXH4-QHRV...
OAuthenticator security vulnerability
OAuthenticator is the OAuth token library used by the JupyterHub login process. Versions of OAuthenticator prior to 17.4.0 contained a security vulnerability. This vulnerability stemmed from an authentication bypass mechanism, which could allow attackers with unverified email addresses to log in t...
PT-2026-30250
Name of the Vulnerable Software and Affected Versions OAuthenticator versions prior to 17.4.0 Description OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. An authentication bypass issue exists that allows an attacker with an unverified...
CVE-2022-31027
OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps...
EUVD-2020-0118
Malware in sbrugna...
EUVD-2018-0080
Malware in sbrugna...
EUVD-2024-2058
Malicious code in bioql PyPI...
EUVD-2024-0822
Malicious code in bioql PyPI...
CVE-2024-29033
OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. GoogleOAuthenticator.hosted_domain is used to restrict what Google accounts can be authorized access to a JupyterHub. The...