CVE-2020-26261: Exposure of Resource to Wrong Sphere
(updated )
jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users.
References
Detect and mitigate CVE-2020-26261 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →