Vulnerability Details CVE-2020-15110
In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.6%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 5.5
References
- https://github.com/jupyterhub/kubespawner/commit/3dfe870a7f5e98e2e398b01996ca6b8eff4bb1d0
- https://github.com/jupyterhub/kubespawner/security/advisories/GHSA-v7m9-9497-p9gr
- https://github.com/jupyterhub/kubespawner/commit/3dfe870a7f5e98e2e398b01996ca6b8eff4bb1d0
- https://github.com/jupyterhub/kubespawner/security/advisories/GHSA-v7m9-9497-p9gr
Products affected by CVE-2020-15110
-
cpe:2.3:a:jupyterhub:kubespawner:-
-
cpe:2.3:a:jupyterhub:kubespawner:0.10.0
-
cpe:2.3:a:jupyterhub:kubespawner:0.10.1
-
cpe:2.3:a:jupyterhub:kubespawner:0.11.0
-
cpe:2.3:a:jupyterhub:kubespawner:0.11.1
-
cpe:2.3:a:jupyterhub:kubespawner:0.6.0
-
cpe:2.3:a:jupyterhub:kubespawner:0.7.1
-
cpe:2.3:a:jupyterhub:kubespawner:0.8.0
-
cpe:2.3:a:jupyterhub:kubespawner:0.8.1
-
cpe:2.3:a:jupyterhub:kubespawner:0.9.0