OAuth2 Identity Provider Configuration Flaw in JupyterHub by Jupyter Project
CVE-2024-37300
Currently unrated
What is CVE-2024-37300?
A configuration issue affects JupyterHub deployments that use OAuth2 identity providers through GlobusOAuthenticator. In versions prior to 5.0, the available settings let institutions restrict user access effectively. After an upgrade to JupyterHub 5.0, a newly introduced precedence rule causes the earlier restrictions based on identity providers to be ignored, potentially allowing unintended access to all users. Operators should either refrain from upgrading to JupyterHub 5.0 while keeping the prior GlobusOAuthenticator setup, or upgrade to OAuthenticator version 16.3.1, which resolves the issue.
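One way to check a deployment against the condition described above, as an added example that is not code from the advisory or from the Jupyter project. It assumes the restriction is expressed through the `identity_provider` option of GlobusOAuthenticator and that package versions are available as pip-freeze style pins; the sample inputs and the `assess` helper are constructed for illustration.

```python
import re

FIXED_OAUTHENTICATOR = (16, 3, 1)  # fixed release named in the advisory
AFFECTED_HUB_FROM = (5, 0, 0)      # JupyterHub release with the precedence rule

# Constructed sample inputs (not taken from any real deployment).
SAMPLE_FREEZE = "jupyterhub==5.0.0\noauthenticator==16.3.0\n"
SAMPLE_CONFIG = (
    "c.JupyterHub.authenticator_class = 'globus'\n"
    "c.GlobusOAuthenticator.identity_provider = 'example.edu'\n"
)


def parse_version(text):
    """Turn '16.3.0' or '5.0.0b2' into a 3-tuple of leading integers."""
    parts = []
    for piece in text.strip().split(".")[:3]:
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts + [0] * (3 - len(parts)))


def pinned_versions(freeze_text):
    """Read 'name==version' lines into {normalized_name: version_tuple}."""
    pins = {}
    for line in freeze_text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9_.-]+)==([^\s;#]+)", line)
        if m:
            pins[m.group(1).lower().replace("_", "-")] = parse_version(m.group(2))
    return pins


def relies_on_globus_idp(config_text):
    """True if an uncommented line sets GlobusOAuthenticator.identity_provider."""
    pattern = r"^\s*c\.GlobusOAuthenticator\.identity_provider\s*="
    return re.search(pattern, config_text, re.MULTILINE) is not None


def assess(freeze_text, config_text):
    """Return 'exposed', 'ok', 'not-applicable' or 'unknown'."""
    pins = pinned_versions(freeze_text)
    hub, oauth = pins.get("jupyterhub"), pins.get("oauthenticator")
    if hub is None or oauth is None:
        return "unknown"
    if not relies_on_globus_idp(config_text):
        return "not-applicable"
    if hub >= AFFECTED_HUB_FROM and oauth < FIXED_OAUTHENTICATOR:
        return "exposed"
    return "ok"
```

A result of `exposed` means the identity-provider restriction in the configuration may not be enforced until OAuthenticator is upgraded to 16.3.1.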

