CVE-2020-15110

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-15110

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15110.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-15110

Aliases

Related

GHSA-v7m9-9497-p9gr

Published

2020-07-17T21:15:12.857Z

Modified

2026-03-13T22:01:16.587102Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12.

References

Affected packages

Git / github.com/jupyterhub/kubespawner

Affected ranges

Type

GIT

Repo

https://github.com/jupyterhub/kubespawner

Events

Introduced

Fixed

7aed1e1050e3b02798964af9dfb56e29571fa63d

Fixed

3dfe870a7f5e98e2e398b01996ca6b8eff4bb1d0

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.12"
        }
    ]
}

Affected versions

0.*

0.10.0

0.10.1

0.11.0

0.11.1

0.9.0

v0.*

v0.6.0

v0.7.1

v0.8.0

v0.8.1

v0.9.0b1

v0.9.0b2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15110.json"