Possible pod name collisions in jupyterhub-kubespawner
What kind of vulnerability is it? Who is impacted? JupyterHub deployments using: KubeSpawner <= 0.11.1 (e.g. zero-to-jupyterhub 0.9.0) and enabled named_servers (not default), and an Authenticator that allows: usernames with hyphens or other characters that require escape (e.g. user-hyphen or user@email), and usernames which may match other usernames up to but not including the escaped character (e.g. user in the above cases) In this circumstance, certain usernames will be able …