CVE-2020-36191

Опубликовано: 13 янв. 2021

Источник: debian

Описание

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
jupyterhub	fixed	3.0.0+ds1-1		package

Примечания

https://github.com/jupyterhub/jupyterhub/issues/3304

Связанные уязвимости

CVE-2020-36191

CVSS3: 4.5

ubuntu

около 5 лет назад

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).

CVE-2020-36191

CVSS3: 4.5

nvd

около 5 лет назад

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).

GHSA-7xx3-qp5w-fw96

CVSS3: 4.5

github

больше 3 лет назад

Cross-Site Request Forgery in JupyterHub