CVE-2020-26261

Published
View on NVD ↗
CVSS v3
7.9
HIGH
CVSS v2
3.3
LOW
Affected
2
PROJECTS

Description

jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15

jupyterhub-systemdspawner
jupyterhub-systemdspawner
JupyterHub Spawner using systemd for resource isolation
Python Package IndexPython Package Index
jupyterhub/systemdspawner
jupyterhub/systemdspawner
Spawn JupyterHub single-user notebook servers with systemd
GitHubGitHub
101