CVE-2020-15110

Опубликовано: 17 июл. 2020

Источник: nvd

CVSS3: 6.8

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12.

Ссылки

https://github.com/jupyterhub/kubespawner/commit/3dfe870a7f5e98e2e398b01996ca6b8eff4bb1d0
Patch
Third Party Advisory
https://github.com/jupyterhub/kubespawner/security/advisories/GHSA-v7m9-9497-p9gr
Exploit
Third Party Advisory
https://github.com/jupyterhub/kubespawner/commit/3dfe870a7f5e98e2e398b01996ca6b8eff4bb1d0
Patch
Third Party Advisory
https://github.com/jupyterhub/kubespawner/security/advisories/GHSA-v7m9-9497-p9gr
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jupyterhub:kubespawner:*:*:*:*:*:*:*:*

Версия до 0.12 (исключая)

EPSS

Процентиль: 44%

0.00219

Низкий

6.8 Medium

CVSS3

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-v7m9-9497-p9gr

CVSS3: 6.8

github

больше 5 лет назад

Possible pod name collisions in jupyterhub-kubespawner

EPSS

Процентиль: 44%

0.00219

Низкий

6.8 Medium

CVSS3

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-863