JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-01-13T03:36:09

Updated: 2024-08-04T17:23:09.621Z

Reserved: 2021-01-13T00:00:00

Link: CVE-2020-36191

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-01-13T04:15:13.073

Modified: 2024-11-21T05:28:58.730

Link: CVE-2020-36191

cve-icon Redhat

No data.