Oauthenticator
Monthly
Authentication bypass in JupyterHub OAuthenticator <17.4.0 allows authenticated attackers with unverified email addresses on Auth0 tenants to login with arbitrary usernames, enabling account takeover when email is configured as the username claim. The vulnerability requires low-complexity exploitation over the network with low privileges (CVSS 8.8, AV:N/AC:L/PR:L). No public exploit identified at time of analysis, though the vendor has released a security advisory with technical details. EPSS data not available, but the authentication bypass nature and account takeover potential make this a priority for organizations using JupyterHub with Auth0 OAuth integration.
OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
OAuthenticator is an OAuth token library for the JupyerHub login handler. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
OAuthenticator is an OAuth login mechanism for JupyterHub. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Authentication bypass in JupyterHub OAuthenticator <17.4.0 allows authenticated attackers with unverified email addresses on Auth0 tenants to login with arbitrary usernames, enabling account takeover when email is configured as the username claim. The vulnerability requires low-complexity exploitation over the network with low privileges (CVSS 8.8, AV:N/AC:L/PR:L). No public exploit identified at time of analysis, though the vendor has released a security advisory with technical details. EPSS data not available, but the authentication bypass nature and account takeover potential make this a priority for organizations using JupyterHub with Auth0 OAuth integration.
OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
OAuthenticator is an OAuth token library for the JupyerHub login handler. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
OAuthenticator is an OAuth login mechanism for JupyterHub. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.