Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on the Hub. (Users were not allowed to access other users' accounts, but could create their own accounts on the Hub linked to their GitLab account. GitLab authentication not using gitlab_group_whitelist is unaffected. No other Authenticators are affected.)
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Project Jupyter JupyterHub OAuthenticator 权限许可和访问控制问题漏洞
Vulnerability Description
Project Jupyter JupyterHub OAuthenticator是一款用于支持第三方身份验证的程序。 Project Jupyter JupyterHub OAuthenticator 0.6.2之前的0.6.x版本和0.7.3之前的0.7.x版本中存在权限许可和访问控制漏洞,该漏洞源于程序在使用GitLab群组白名单进行访问控制时,未正确检查小组成员的身份。远程攻击者可利用该漏洞在Hub上创建自己的帐户。
CVSS Information
N/A
Vulnerability Type
N/A