CVE-2020-15110
Possible pod name collisions in jupyterhub-kubespawner
6.8
MEDIUM
CVSS 3.1
EPSS 0.22%
Description
In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12.
How to fix CVE-2020-15110
To remediate CVE-2020-15110, upgrade the affected package to a fixed version below.
- —upgrade to 0.12.0 or later
- —upgrade to 3dfe870a7f5e98e2e398b01996ca6b8eff4bb1d0 or later
Is CVE-2020-15110 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.12.0
- from 0, < 3dfe870a7f5e98e2e398b01996ca6b8eff4bb1d0 | from 0, < 0.12.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM6.8 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N |