In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12.
References
Link | Resource |
---|---|
https://github.com/jupyterhub/kubespawner/commit/3dfe870a7f5e98e2e398b01996ca6b8eff4bb1d0 | Patch Third Party Advisory |
https://github.com/jupyterhub/kubespawner/security/advisories/GHSA-v7m9-9497-p9gr | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-07-17T20:45:13
Updated: 2020-07-17T20:45:13
Reserved: 2020-06-25T00:00:00
Link: CVE-2020-15110
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-07-17T21:15:12.857
Modified: 2021-11-18T18:23:10.907
Link: CVE-2020-15110
JSON object: View
Redhat Information
No data.
CWE