CVE-2018-7206: Improper Access Control
(updated )
An issue was discovered in Project Jupyter JupyterHub OAuthenticator. When using JupyterHub with a GitLab allowlist for access control, group membership is not checked correctly, allowing members that are not in the allowlist to create accounts on the Hub.
References
Detect and mitigate CVE-2018-7206 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →