Ubuntu.comUB:CVE-2021-41247CVE-2021-41247
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
26.7%
JupyterHub is an open source multi-user server for Jupyter notebooks. In
affected versions users who have multiple JupyterLab tabs open in the same
browser session, may see incomplete logout from the single-user server, as
fresh credentials (for the single-user server only, not the Hub) reinstated
after logout, if another active JupyterLab session is open while the logout
takes place. Upgrade to JupyterHub 1.5. For distributed deployments, it is
jupyterhub in the user environment that needs patching. There are no
patches necessary in the Hub environment. The only workaround is to make
sure that only one JupyterLab tab is open when you log out.
References
github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27
github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7
launchpad.net/bugs/cve/CVE-2021-41247
nvd.nist.gov/vuln/detail/CVE-2021-41247
security-tracker.debian.org/tracker/CVE-2021-41247
www.cve.org/CVERecord?id=CVE-2021-41247
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
26.7%