Vulnerability Details CVE-2020-36191
JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.0%
CVSS Severity
CVSS v3 Score 4.5
CVSS v2 Score 3.5
References
Products affected by CVE-2020-36191
-
cpe:2.3:a:jupyter:jupyterhub:1.1.0