Is CVE-2018-7206 actively exploited?

CVE-2018-7206 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2018-7206?

CVE-2018-7206 has a CVSS score of 8.8 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2018-7206?

Patch guidance is available from jupyter security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2018-7206.

Fix CVE-2018-7206 - HIGH jupyter oauthenticator

Q: Which products are affected by CVE-2018-7206?

5 products: jupyter oauthenticator, jupyter oauthenticator, jupyter oauthenticator, jupyter oauthenticator, jupyter oauthenticator.

Description

An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on the Hub. (Users were not allowed to access other users' accounts, but could create their own accounts on the Hub linked to their GitLab account. GitLab authentication not using gitlab_group_whitelist is unaffected. No other Authenticators are affected.)

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: NVD-CWE-noinfo

Metadata

Primary Vendor: JUPYTER
Published: 2/18/2018
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

jupyter : oauthenticatorjupyter : oauthenticatorjupyter : oauthenticatorjupyter : oauthenticatorjupyter : oauthenticator

Remediation Guidance

Executive Summary

View on NIST NVD