JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-01-13T03:36:09
Updated: 2024-08-04T17:23:09.621Z
Reserved: 2021-01-13T00:00:00
Link: CVE-2020-36191
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-01-13T04:15:13.073
Modified: 2024-11-21T05:28:58.730
Link: CVE-2020-36191
Redhat
No data.