CVE-2020-36191

Опубликовано: 13 янв. 2021

Источник: nvd

CVSS3: 4.5

CVSS2: 3.5

EPSS Низкий

Описание

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).

Ссылки

https://github.com/jupyterhub/jupyterhub/issues/3304
Exploit
Third Party Advisory
https://github.com/jupyterhub/jupyterhub/releases
Third Party Advisory
https://github.com/jupyterhub/jupyterhub/issues/3304
Exploit
Third Party Advisory
https://github.com/jupyterhub/jupyterhub/releases
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jupyter:jupyterhub:1.1.0:-:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00124

Низкий

4.5 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-352

Связанные уязвимости

CVE-2020-36191

CVSS3: 4.5

ubuntu

около 5 лет назад

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).

CVE-2020-36191

CVSS3: 4.5

debian

около 5 лет назад

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lac ...

GHSA-7xx3-qp5w-fw96

CVSS3: 4.5

github

больше 3 лет назад

Cross-Site Request Forgery in JupyterHub

EPSS

Процентиль: 32%

0.00124

Низкий

4.5 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-352