Lucene search
K

79 matches found

Chainguard
Chainguard
added 2024/03/20 6:2 p.m.11 views

GHSA-55M3-44XF-HG4H vulnerabilities

Vulnerabilities for packages: py3-oauthenticator...

7.3AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/03/20 6:2 p.m.35 views

GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace

Summary and impact GoogleOAuthenticator.hosteddomain is used to restrict what Google accounts can be authorized to access a JupyterHub. The restriction is intended to ensure Google accounts are part of one or more Google organizations/workspaces verified to control specified domains. The...

9.1CVSS6.5AI score0.00589EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2024/03/20 12:0 a.m.3 views

OAuthenticator 安全漏洞

OAuthenticator is an OAuth token library for the JupyerHub login handler. A security vulnerability exists in OAuthenticator versions prior to 16.3.0 that stems from incorrectly validating membership...

9.1CVSS7.5AI score0.00589EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/20 12:0 a.m.4 views

PT-2024-22686

Name of the Vulnerable Software and Affected Versions oauthenticator versions prior to 16.3.0 Description The issue is related to the GoogleOAuthenticator.hosted domain parameter, which is intended to restrict access to Google accounts that are part of one or more Google organizations verified to...

9.1CVSS7.4AI score0.00589EPSS
Exploits0References13
NVD
NVD
added 2022/06/09 1:15 p.m.63 views

CVE-2022-31027

OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowedidps...

6.5CVSS0.00434EPSS
Exploits0References1
Prion
Prion
added 2022/06/09 1:15 p.m.20 views

Authorization

OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowedidps...

4CVSS6.4AI score0.00434EPSS
Exploits0References1Affected Software1
vulnersOsv
vulnersOsv
added 2022/06/09 1:15 p.m.7 views

keycloakauthenticator (>=3.0.0 <=3.1.0), ssb-ipython-kernels (>=0.2.25 <=0.3.2) potentially affected by CVE-2022-31027 via oauthenticator (>=14.0.0 <=14.2.0)

oauthenticator PYPI version =14.0.0, =3.0.0, =0.2.25, =0.3.2 Source cves: CVE-2022-31027 Source advisory: OSV:PYSEC-2022-206...

6.5CVSS6.5AI score0.00434EPSS
Exploits0
OSV
OSV
added 2022/06/09 1:15 p.m.67 views

PYSEC-2022-206

OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowedidps...

6.5CVSS1.5AI score0.00434EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/06/09 12:0 a.m.53 views

OAuthenticator 安全漏洞

OAuthenticator is an OAuth token library for the JupyerHub login handler. A security vulnerability exists in OAuthenticator version 14.2.0 and earlier, which stems from CILogon, a federated authentication provider that allows users to authenticate with multiple identity providers IdPs...

6.5CVSS6.4AI score0.00434EPSS
Exploits0References2
Veracode
Veracode
added 2022/06/07 11:10 a.m.23 views

Authorization Bypass

oauthenticator is vulnerable to authorization bypass. The vulnerability exists because CILogonOAuthenticator doesn't properly validate the email address which allows an attacker to get access to the JupyterHub...

6.5CVSS6.2AI score0.00434EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/06 9:21 p.m.30 views

Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator

Background CILogon is a federated auth provider that allows users to authenticate themselves via a number of Identity Providers IdP, focused primarily on educational and research institutions such as Universities. More traditional and open IdPs such as GitHub, ORCID, Google, Microsoft, etc are al...

6.5CVSS6.1AI score0.00434EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2022/06/06 9:21 p.m.7 views

keycloakauthenticator (>=3.0.0 <=3.1.0), ssb-ipython-kernels (>=0.2.25 <=0.3.2) potentially affected by CVE-2022-31027 via oauthenticator (>=14.0.0 <=14.2.0)

oauthenticator PYPI version =14.0.0, =3.0.0, =0.2.25, =0.3.2 Source cves: CVE-2022-31027 Source advisory: OSV:GHSA-R7V4-JWX9-WX43...

6.5CVSS6.5AI score0.00434EPSS
Exploits0
OSV
OSV
added 2022/06/06 9:21 p.m.61 views

GHSA-R7V4-JWX9-WX43 Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator

Background CILogon is a federated auth provider that allows users to authenticate themselves via a number of Identity Providers IdP, focused primarily on educational and research institutions such as Universities. More traditional and open IdPs such as GitHub, ORCID, Google, Microsoft, etc are al...

4.2CVSS5.1AI score0.00434EPSS
Exploits0References5
OSV
OSV
added 2022/06/06 9:15 p.m.40 views

CVE-2022-31027 Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator in oauthenticator

OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowedidps...

4.2CVSS6.4AI score0.00434EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/06/06 9:15 p.m.70 views

CVE-2022-31027 Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator in oauthenticator

OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowedidps...

4.2CVSS6.6AI score0.00434EPSS
Exploits0References1
CVE
CVE
added 2022/06/06 9:15 p.m.627 views

CVE-2022-31027

CVE-2022-31027 affects the OAuthenticator/CILogonOAuthenticator used by JupyterHub. The root cause is that allowed_idps is validated only by email domain, not by IdP (provider) identity, allowing login via an alternate IdP with a @domained email (e.g., berkeley.edu) to bypass intended restriction...

6.5CVSS5.2AI score0.00434EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/05/13 1:12 a.m.15 views

GHSA-8X3M-M3X9-54FJ JupyterHub OAuthenticator elevation of privilege

An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on...

8.8CVSS8.6AI score0.01771EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/05/13 1:12 a.m.35 views

JupyterHub OAuthenticator elevation of privilege

An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on...

8.8CVSS3.3AI score0.01771EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2020/12/02 3:9 a.m.19 views

Insecure Access Control

oauthenticator uses insecure access control. The deprecated configuration Authenticator.whitelist, which should be transparently mapped to Authenticator.allowedusers with a warning, is instead ignored by OAuthenticator classes, resulting in the same behavior as if this configuration has not been...

6.3CVSS3.7AI score0.01108EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2020/12/01 9:15 p.m.35 views

CVE-2020-26250

OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated in jupyterhub 1.2 configuration Authenticator.whitelist, which should be transparently mapped to Authenticator.allowedusers with a warning, is instead ignored by...

6.3CVSS6.3AI score0.01108EPSS
Exploits0References4
Rows per page
Query Builder