CVE-2020-26250: Incorrect Authorization
In oauthenticator, the deprecated (in jupyterhub ) configuration Authenticator.whitelist, which should be transparently mapped to Authenticator.allowed_users with a warning, is instead ignored by OAuthenticator classes, resulting in the same behavior as if this configuration had not been set.
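
A check for the condition described above, as an added example (not code from oauthenticator or JupyterHub): it parses the text of a jupyterhub_config.py and reports each use of the deprecated whitelist setting, noting whether allowed_users is also set for the same class. The function names and the sample configuration are constructed for illustration, and the config object is assumed to be named c, as is conventional in jupyterhub_config.py.

```python
import ast

DEPRECATED = "whitelist"       # deprecated setting name, from the advisory
REPLACEMENT = "allowed_users"  # current setting name, from the advisory

# Constructed sample jupyterhub_config.py contents (not from a real deployment).
SAMPLE_CONFIG = '''\
c.JupyterHub.authenticator_class = "oauthenticator.github.GitHubOAuthenticator"
c.Authenticator.whitelist = {"alice", "bob"}
c.Authenticator.admin_users = {"alice"}
c.GitHubOAuthenticator.whitelist.add("carol")
c.GitHubOAuthenticator.allowed_users = {"dave"}
'''


def config_refs(source):
    """Yield (lineno, class_name, trait) for every c.<Class>.<trait> reference."""
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Attribute)
                and isinstance(node.value, ast.Attribute)
                and isinstance(node.value.value, ast.Name)
                and node.value.value.id == "c"):
            yield node.lineno, node.value.attr, node.attr


def audit(source):
    """Return sorted [(lineno, class_name, has_replacement)] for deprecated settings."""
    refs = list(config_refs(source))
    # Classes that also carry the current setting name somewhere in the file.
    replaced = {cls for _, cls, trait in refs if trait == REPLACEMENT}
    return sorted((line, cls, cls in replaced)
                  for line, cls, trait in refs if trait == DEPRECATED)


if __name__ == "__main__":
    for line, cls, has_replacement in audit(SAMPLE_CONFIG):
        note = "allowed_users also set" if has_replacement else "no allowed_users set"
        print(f"line {line}: c.{cls}.{DEPRECATED} is ignored by affected "
              f"OAuthenticator classes ({note})")
```

Every reported line names users the operator intended to allow; moving those names to allowed_users removes the dependence on the deprecated mapping.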