CVE-2020-26261 - OpenCVE

jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:L/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jupyterhub	Systemdspawner

Configuration 1 [-]

cpe:2.3:a:jupyterhub:systemdspawner:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/jupyterhub/systemdspawner/blob/master/CHANGELOG.md#v015
https://github.com/jupyterhub/systemdspawner/commit/a4d08fd2ade1cfd0ef2c29dc221e649345f23580
https://github.com/jupyterhub/systemdspawner/security/advisories/GHSA-cg54-gpgr-4rm6
https://pypi.org/project/jupyterhub-systemdspawner/

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-12-09T16:30:14

Updated: 2024-08-04T15:56:03.813Z

Reserved: 2020-10-01T00:00:00

Link: CVE-2020-26261

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-12-09T17:15:30.603

Modified: 2020-12-10T21:46:28.990

Link: CVE-2020-26261

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "systemdspawner", "vendor": "jupyterhub", "versions": [{"status": "affected", "version": "< 0.15"}]}], "descriptions": [{"lang": "en", "value": "jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-668", "description": "CWE-668: Exposure of Resource to Wrong Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-09T16:30:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jupyterhub/systemdspawner/security/advisories/GHSA-cg54-gpgr-4rm6"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/jupyterhub/systemdspawner/commit/a4d08fd2ade1cfd0ef2c29dc221e649345f23580"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/jupyterhub/systemdspawner/blob/master/CHANGELOG.md#v015"}, {"tags": ["x_refsource_MISC"], "url": "https://pypi.org/project/jupyterhub-systemdspawner/"}], "source": {"advisory": "GHSA-cg54-gpgr-4rm6", "discovery": "UNKNOWN"}, "title": "user-readable api tokens in systemd units", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-26261", "STATE": "PUBLIC", "TITLE": "user-readable api tokens in systemd units"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "systemdspawner", "version": {"version_data": [{"version_value": "< 0.15"}]}}]}, "vendor_name": "jupyterhub"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15"}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-668: Exposure of Resource to Wrong Sphere"}]}]}, "references": {"reference_data": [{"name": "https://github.com/jupyterhub/systemdspawner/security/advisories/GHSA-cg54-gpgr-4rm6", "refsource": "CONFIRM", "url": "https://github.com/jupyterhub/systemdspawner/security/advisories/GHSA-cg54-gpgr-4rm6"}, {"name": "https://github.com/jupyterhub/systemdspawner/commit/a4d08fd2ade1cfd0ef2c29dc221e649345f23580", "refsource": "MISC", "url": "https://github.com/jupyterhub/systemdspawner/commit/a4d08fd2ade1cfd0ef2c29dc221e649345f23580"}, {"name": "https://github.com/jupyterhub/systemdspawner/blob/master/CHANGELOG.md#v015", "refsource": "MISC", "url": "https://github.com/jupyterhub/systemdspawner/blob/master/CHANGELOG.md#v015"}, {"name": "https://pypi.org/project/jupyterhub-systemdspawner/", "refsource": "MISC", "url": "https://pypi.org/project/jupyterhub-systemdspawner/"}]}, "source": {"advisory": "GHSA-cg54-gpgr-4rm6", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:56:03.813Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/jupyterhub/systemdspawner/security/advisories/GHSA-cg54-gpgr-4rm6"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/jupyterhub/systemdspawner/commit/a4d08fd2ade1cfd0ef2c29dc221e649345f23580"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/jupyterhub/systemdspawner/blob/master/CHANGELOG.md#v015"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://pypi.org/project/jupyterhub-systemdspawner/"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-26261", "datePublished": "2020-12-09T16:30:14", "dateReserved": "2020-10-01T00:00:00", "dateUpdated": "2024-08-04T15:56:03.813Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jupyterhub:systemdspawner:*:*:*:*:*:*:*:*", "matchCriteriaId": "175655AE-2247-4426-8AE8-0AD5532FBC50", "versionEndExcluding": "0.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15"}, {"lang": "es", "value": "jupyterhub-systemdspawner permite que JupyterHub genere servidores de port\u00e1tiles de un solo usuario utilizando systemd. En jupyterhub-systemdspawner, versiones anteriores a 0.15, los tokens de la API de usuario emitidos a servidores de un solo usuario son especificados en el entorno de las unidades systemd. Estos tokens son incorrectamente accesibles para todos los usuarios. En particular, est\u00e1 afectado the-littlest-jupyterhub, que usa systemdspawner por defecto. Esto est\u00e1 parcheado en jupyterhub-systemdspawner versi\u00f3n v0.15"}], "id": "CVE-2020-26261", "lastModified": "2020-12-10T21:46:28.990", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-12-09T17:15:30.603", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/jupyterhub/systemdspawner/blob/master/CHANGELOG.md#v015"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/jupyterhub/systemdspawner/commit/a4d08fd2ade1cfd0ef2c29dc221e649345f23580"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/jupyterhub/systemdspawner/security/advisories/GHSA-cg54-gpgr-4rm6"}, {"source": "security-advisories@github.com", "tags": ["Product", "Third Party Advisory"], "url": "https://pypi.org/project/jupyterhub-systemdspawner/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-668"}], "source": "security-advisories@github.com", "type": "Secondary"}]}