jupyterhub is vulnerable to session fixation. The vulnerability exists due to the incomplete logout in the single-user server. An attacker is able to reinstate another user’s session if another active session is open.
CPE | Name | Operator | Version |
---|---|---|---|
jupyterhub | le | 1.4.2 | |
jupyterhub | le | 1.4.2 |