漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
user-readable api tokens in systemd units
Vulnerability Description
jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
将资源暴露给错误范围
Vulnerability Title
JupyterHub 安全漏洞
Vulnerability Description
JupyterHub是一款用于Jupyter的多用户服务器。 jupyterhub-systemdspawner 存在安全漏洞,该漏洞源于systemdspawner允许JupyterHub使用systemd生成单用户笔记本服务器。在版本0.15之前,在systemd单元环境中指定发送给单用户服务器的用户API令牌。所有用户都不能正确地访问这些令牌。特别是,littlest-jupyterhub会受到影响,它默认使用systemdspawner。在jupyterhub-systemdspawner v0.
CVSS Information
N/A
Vulnerability Type
N/A