CVE-2020-36191

Опубликовано: 13 янв. 2021

Источник: ubuntu

Приоритет: medium

CVSS2: 3.5

CVSS3: 4.5

Описание

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).

Релиз	Статус	Примечание
devel	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
jammy	needs-triage
kinetic	ignored	end of life, was needs-triage
lunar	ignored	end of life, was needs-triage
mantic	ignored	end of life, was needs-triage
noble	needs-triage
oracular	ignored	end of life, was needs-triage
plucky	ignored	end of life, was needs-triage

Показывать по

Ссылки на источники

3.5 Low

CVSS2

4.5 Medium

CVSS3

Связанные уязвимости

CVE-2020-36191

CVSS3: 4.5

nvd

около 5 лет назад

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).

CVE-2020-36191

CVSS3: 4.5

debian

около 5 лет назад

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lac ...

GHSA-7xx3-qp5w-fw96

CVSS3: 4.5

github

больше 3 лет назад

Cross-Site Request Forgery in JupyterHub

3.5 Low

CVSS2

4.5 Medium

CVSS3

CVE-2020-36191

Описание

Пакет jupyterhub

Ссылки на источники

Связанные уязвимости