oauthenticator@0.6.1 vulnerabilities
OAuthenticator: Authenticate JupyterHub users with common OAuth providers
-
latest version
16.3.0
-
latest non vulnerable version
-
first published
8 years ago
-
latest version published
2 months ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the oauthenticator package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Authentication Bypass that relies on membership in a Google organization/workspace for authentication by matching the How to fix Authentication Bypass? Upgrade |
[,16.3.0)
|
Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key when using How to fix Authorization Bypass Through User-Controlled Key? Upgrade |
[,15.0.0)
|
oauthenticator is an authenticator package. Affected versions of this package are vulnerable to Authentication Bypass. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on the Hub. (Users were not allowed to access other users, accounts, but could create their own accounts on the Hub linked to their GitLab account. GitLab authentication not using How to fix Authentication Bypass? Upgrade |
[0.6.0,0.6.2)
[0.7.0,0.7.3)
|