CVE-2018-7206— Project Jupyter JupyterHub OAuthenticator 权限许可和访问控制问题漏洞

N/A

An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on the Hub. (Users were not allowed to access other users' accounts, but could create their own accounts on the Hub linked to their GitLab account. GitLab authentication not using gitlab_group_whitelist is unaffected. No other Authenticators are affected.)

N/A

N/A

Project Jupyter JupyterHub OAuthenticator 权限许可和访问控制问题漏洞

Project Jupyter JupyterHub OAuthenticator是一款用于支持第三方身份验证的程序。 Project Jupyter JupyterHub OAuthenticator 0.6.2之前的0.6.x版本和0.7.3之前的0.7.x版本中存在权限许可和访问控制漏洞，该漏洞源于程序在使用GitLab群组白名单进行访问控制时，未正确检查小组成员的身份。远程攻击者可利用该漏洞在Hub上创建自己的帐户。

N/A

N/A