CVE-2020-26261

HIGH Year: 2020
CVSS v3 Score
7.9
High
CVSS v2 Score
3.3
Low
Weakness Type
CWE-668
View all →

Vulnerability Description

jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15

Related Vulnerabilities

CVE-2024-21813

HIGH
CVSS:7.9(High)

Exposure of resource to wrong sphere in some Intel(R) DTT software installers may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-6682024

CVE-2014-0023

HIGH
CVSS:7.8(High)

OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution

CWE-6682014

CVE-2017-8185

HIGH
CVSS:7.8(High)

ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing ...

CWE-6682017

CVE-2018-10361

HIGH
CVSS:7.8(High)

An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow...

CWE-6682018

CVE-2018-15591

HIGH
CVSS:7.8(High)

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by lev...

CWE-6682018

CVE-2019-15341

HIGH
CVSS:7.8(High)

The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com...

CWE-6682019