CVE-2020-36191

Published: 13 January 2021

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).

Priority

Medium

CVSS 3 base score: 4.5

Status

Package                                  Release    Status
jupyterhub (Launchpad, Ubuntu, Debian)   jammy      Needs triage
                                         trusty     Ignored (out of standard support)
                                         upstream   Needs triage
                                         xenial     Ignored (out of standard support)