CVE-2018-7206: JupyterHub OAuthenticator elevation of privilege
CVSS Score
8.8 (CVSS v3.1)
Basic Information
CVE ID
CVE-2018-7206
GHSA ID
EPSS Score
0.7078%
CWE
-
Published
5/13/2022
Updated
11/22/2024
KEV Status
No
Technology
Python
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
oauthenticator | pip | >= 0.6, < 0.6.2 | 0.6.2 |
oauthenticator | pip | >= 0.7, < 0.7.3 | 0.7.3 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stemmed from the group membership check in the GitLab authenticator's _check_group_whitelist. For regular (non-admin) users, the pre-patch code called the /groups API endpoint, which returns the groups a user can access, a broader set than the groups the user is a direct member of (for instance, groups that are merely visible to the user). Any whitelisted group that appeared in that accessible-groups list satisfied the check, so a user who was not a member of any whitelisted group could still be admitted to the Hub. The patched version instead calls /groups/{group}/members/{user_id} for each whitelisted group and admits the user only on an actual membership hit. The diff removes the accessible-groups code path for non-admin users, confirming it as the vulnerable path.
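The following is an added illustration of the pre-patch and post-patch checks side by side; it is not oauthenticator's own code. It models the two GitLab endpoints with an in-memory stand-in (the assumption being that /groups lists every group the caller can see, including public groups the caller does not belong to, while /groups/{group}/members/{user_id} answers 200 only for real members). The group paths, user names and IDs are constructed sample data.

```python
# Added illustration of CVE-2018-7206 (not oauthenticator's own code).
# In-memory stand-in for two GitLab API endpoints:
#   GET /groups                           -> groups the caller can see/access
#   GET /groups/{group}/members/{user_id} -> 200 if user_id is a member, else 404
# Group paths, user ids and visibilities below are constructed sample data,
# and the "public groups are listed by /groups" behaviour is an assumption
# made for the demonstration.

from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class FakeGitLab:
    # group path -> set of member user ids
    members: Dict[str, Set[int]] = field(default_factory=dict)
    # group path -> "public" or "private"
    visibility: Dict[str, str] = field(default_factory=dict)

    def groups_accessible_to(self, user_id: int) -> List[dict]:
        """Model of GET /groups for a regular user: every group that is
        public or that the user belongs to. This is an *access* view, not a
        membership view, which is the root of the bug."""
        return [
            {"path": path}
            for path, ids in self.members.items()
            if self.visibility.get(path) == "public" or user_id in ids
        ]

    def group_member(self, group: str, user_id: int) -> Tuple[int, dict]:
        """Model of GET /groups/{group}/members/{user_id}: (status, body)."""
        if user_id in self.members.get(group, set()):
            return 200, {"id": user_id}
        return 404, {"message": "404 Not found"}


def vulnerable_check(api: FakeGitLab, user_id: int, whitelist: Set[str]) -> bool:
    """Pre-patch logic: allow if ANY accessible group path is whitelisted.
    Public visibility alone is enough to pass, so non-members get in."""
    return any(g["path"] in whitelist for g in api.groups_accessible_to(user_id))


def fixed_check(api: FakeGitLab, user_id: int, whitelist: Set[str]) -> bool:
    """Post-patch logic: ask for the user's membership record in each
    whitelisted group and allow only on a 200 (actual membership)."""
    for group in whitelist:
        status, _ = api.group_member(group, user_id)
        if status == 200:
            return True
    return False


def build_sample() -> FakeGitLab:
    """Constructed scenario: a whitelisted group that is publicly visible."""
    api = FakeGitLab()
    api.members["hub-users"] = {1}           # alice (id 1) is a real member
    api.visibility["hub-users"] = "public"   # ...but anyone can see the group
    api.members["research"] = {2}            # mallory (id 2) belongs only here
    api.visibility["research"] = "private"
    return api


WHITELIST = {"hub-users"}


def demo() -> Dict[str, bool]:
    """Run both checks for a legitimate member and for an outsider."""
    api = build_sample()
    return {
        "alice_vulnerable": vulnerable_check(api, 1, WHITELIST),
        "alice_fixed": fixed_check(api, 1, WHITELIST),
        "mallory_vulnerable": vulnerable_check(api, 2, WHITELIST),  # wrongly True
        "mallory_fixed": fixed_check(api, 2, WHITELIST),            # correctly False
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

The point to take from the example is that the pre-patch check answers "can this user see a whitelisted group?" while the patched check answers "is this user a member of a whitelisted group?"; only the second question is an authorization decision. When verifying a deployment, confirm that the installed oauthenticator is at or above 0.6.2 or 0.7.3 (see the version table above) and that the membership endpoint is what the authenticator queries.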