CVE-2018-7206
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 18/02/2018
Last modified: 13/01/2021
Description
An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on the Hub. (Users were not allowed to access other users' accounts, but could create their own accounts on the Hub linked to their GitLab account. GitLab authentication not using gitlab_group_whitelist is unaffected. No other Authenticators are affected.)
Impact
Base Score 3.x: 8.80
Severity 3.x: HIGH
Base Score 2.0: 6.50
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:jupyter:oauthenticator:0.6.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:jupyter:oauthenticator:0.6.1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:jupyter:oauthenticator:0.7.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:jupyter:oauthenticator:0.7.1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:jupyter:oauthenticator:0.7.2:*:*:*:*:*:*:* | | |



