漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
incomplete logout in JupyterHub
Vulnerability Description
JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials (for the single-user server only, not the Hub) reinstated after logout, if another active JupyterLab session is open while the logout takes place. Upgrade to JupyterHub 1.5. For distributed deployments, it is jupyterhub in the _user_ environment that needs patching. There are no patches necessary in the Hub environment. The only workaround is to make sure that only one JupyterLab tab is open when you log out.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
JupyterHub 代码问题漏洞
Vulnerability Description
JupyterHub是一款用于Jupyter的多用户服务器。 JupyterHub 存在安全漏洞,该漏洞源于在受影响的版本中,在同一个浏览器会话中打开多个 JupyterLab 选项卡的用户可能会看到从单用户服务器注销不完整,因为新凭据(仅适用于单用户服务器,而不是集线器)在注销后恢复,如果另一个活动 JupyterLab 会话在注销时打开。
CVSS Information
N/A
Vulnerability Type
N/A