Lucene search
Veracode Vulnerability DatabaseVERACODE:28562HistoryDec 11, 2020 - 3:42 a.m.
Information Disclosure
2020-12-1103:42:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
jupyterhub
systemd
information disclosure
api tokens
vulnerability
EPSS
0
Percentile
15.5%
jupyterhub-systemdspawner is vulnerable to information disclosure. User API tokens that are issued to single-user servers are specified in the environment of systemd units and are accessible to all users.
References
github.com/advisories/GHSA-cg54-gpgr-4rm6
github.com/jupyterhub/systemdspawner/blob/master/CHANGELOG.md#v015
github.com/jupyterhub/systemdspawner/commit/a4d08fd2ade1cfd0ef2c29dc221e649345f23580
github.com/jupyterhub/systemdspawner/security/advisories/GHSA-cg54-gpgr-4rm6
pypi.org/project/jupyterhub-systemdspawner/
Related
osv
osv
CVE-2020-26261
2020-12-09 17:15:30
user-readable api tokens in systemd units for JupyterHub
2020-12-09 16:27:43
PYSEC-2020-52
2020-12-09 17:15:00
cve
cve
CVE-2020-26261
2020-12-09 17:15:30
github
github
user-readable api tokens in systemd units for JupyterHub
2020-12-09 16:27:43
nvd
nvd
CVE-2020-26261
2020-12-09 17:15:30
cvelist
cvelist
CVE-2020-26261 user-readable api tokens in systemd units
2020-12-09 16:30:14
prion
prion
Design/Logic Flaw
2020-12-09 17:15:00