How severe is CVE-2021-41194?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2021-41194?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2021-41194

CRITICAL Year: 2021

CVSS v3 Score

9.8

Critical

CVSS v2 Score

6.8

Medium

Weakness Type

CWE-284

View all →

Vulnerability Description

FirstUseAuthenticator is a JupyterHub authenticator that helps new users set their password on their first login to JupyterHub. When JupyterHub is used with FirstUseAuthenticator, a vulnerability in versions prior to 1.0.0 allows unauthorized access to any user's account if `create_users=True` and the username is known or guessed. One may upgrade to version 1.0.0 or apply a patch manually to mitigate the vulnerability. For those who cannot upgrade, there is no complete workaround, but a partial mitigation exists. One can disable user creation with `c.FirstUseAuthenticator.create_users = False`, which will only allow login with fully normalized usernames for already existing users prior to jupyterhub-firstuserauthenticator 1.0.0. If any users have never logged in with their normalized username (i.e. lowercase), they will still be vulnerable until a patch or upgrade occurs.

CVE-2011-3544

CRITICAL

CVSS:9.8(Critical)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java a...

CWE-2842011

CVE-2012-1723

CRITICAL

CVSS:9.8(Critical)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows re...

CWE-2842012

CVE-2012-4681

CRITICAL

CVSS:9.8(Critical)

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses Se...

CWE-2842012

CVE-2012-5076

CRITICAL

CVSS:9.8(Critical)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, relat...

CWE-2842012

CVE-2014-10050

CRITICAL

CVSS:9.8(Critical)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MSM8996, MSM8939, MSM8976, MSM8917, SDM845, and SDM660, access control collision vulnerability when accessing...

CWE-2842014

CVE-2014-10053

CRITICAL

CVSS:9.8(Critical)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/...

CWE-2842014

CVE-2021-41194

Vulnerability Description

Related Vulnerabilities

CVE-2011-3544

CVE-2012-1723

CVE-2012-4681

CVE-2012-5076

CVE-2014-10050

CVE-2014-10053