Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2020-36191

Disclosure Date: January 13, 2021 (last updated February 22, 2025)
JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0