← voltar
CVE-2020-15110

Possible pod name collisions in jupyterhub-kubespawner

CVSS 6.8 MEDIUMEPSS 0.9%CWE-863
In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Produtos afetados
jupyterhub · kubespawner

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/jupyterhub/kubespawner/commit/3dfe870a7f5e98e2e398b01996ca6b8eff4bb1d0https://github.com/jupyterhub/kubespawner/security/advisories/GHSA-v7m9-9497-p9gr