Количество 2
Количество 2
CVE-2020-26261
jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15
GHSA-cg54-gpgr-4rm6
user-readable api tokens in systemd units for JupyterHub
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-26261 jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15 | CVSS3: 7.9 | 0% Низкий | около 5 лет назад |
| GHSA-cg54-gpgr-4rm6 user-readable api tokens in systemd units for JupyterHub | CVSS3: 7.9 | 0% Низкий | около 5 лет назад |
Уязвимостей на страницу