CVE-2020-36191

Publication date 13 January 2021

Last updated 11 July 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

4.5 · Medium

Score breakdown

Description

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).

Status

Package Ubuntu Release Status
jupyterhub 25.10 questing
Needs evaluation
25.04 plucky Ignored end of life, was needs-triage
24.10 oracular Ignored end of life, was needs-triage
24.04 LTS noble
Needs evaluation
23.10 mantic Ignored end of life, was needs-triage
23.04 lunar Ignored end of life, was needs-triage
22.10 kinetic Ignored end of life, was needs-triage
22.04 LTS jammy
Needs evaluation
16.04 LTS xenial Ignored end of standard support
14.04 LTS trusty Ignored end of standard support

Severity score breakdown

Parameter Value
Base score 4.5 · Medium
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact High
Availability impact None
Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

References

Other references

Access our resources on patching vulnerabilities