RSS   Vulnerabilities for 'Systemdspawner'   RSS

2020-12-09
 
CVE-2020-26261

CWE-668
 

 
jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15

 

 >>> Vendor: Jupyterhub 4 Products
Kubespawner
Systemdspawner
Nbgitpuller
First use authenticator


Copyright 2024, cxsecurity.com

 

Back to Top