Usernames with Matching Names Vulnerability in JupyterHub-KubeSpawner

Usernames with Matching Names Vulnerability in JupyterHub-KubeSpawner

CVE-2020-15110 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12.

Learn more about our Cis Benchmark Audit For Server Software.