CVE-2021-41194: Improper Access Control in jupyterhub-firstuseauthenticator
(updated )
When JupyterHub is used with FirstUseAuthenticator, the vulnerability allows unauthorized access to any user’s account if create_users=True and the username is known or guessed.
References
- github.com/advisories/GHSA-5xvc-vgmp-jgc3
- github.com/jupyterhub/firstuseauthenticator
- github.com/jupyterhub/firstuseauthenticator/commit/953418e2450dbc2d854e332350849533b0ebc7ba
- github.com/jupyterhub/firstuseauthenticator/pull/38
- github.com/jupyterhub/firstuseauthenticator/pull/38.patch
- github.com/jupyterhub/firstuseauthenticator/pull/38/commits/32b21898fb2b53b1a2e36270de6854ad70e9e9bf
- github.com/jupyterhub/firstuseauthenticator/pull/38/commits/9e200d974e0cb85d828a6afedb8ab90a37878f28
- github.com/jupyterhub/firstuseauthenticator/security/advisories/GHSA-5xvc-vgmp-jgc3
- github.com/pypa/advisory-database/tree/main/vulns/jupyterhub-firstuseauthenticator/PYSEC-2021-384.yaml
- nvd.nist.gov/vuln/detail/CVE-2021-41194
Code Behaviors & Features
Detect and mitigate CVE-2021-41194 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →