CVE-2021-41247: incomplete logout in JupyterHub
First published: Thu Nov 04 2021(Updated: )
### Impact Users of JupyterLab with JupyterHub who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials (for the single-user server only, not the Hub) reinstated after logout, if another active JupyterLab session is open while the logout takes place. ### Patches Upgrade to JupyterHub 1.5. For distributed deployments, it is jupyterhub in the _user_ environment that needs patching. There are no patches necessary in the Hub environment. ### Workarounds The only workaround is to make sure that only one JupyterLab tab is open when you log out.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jupyter Jupyterhub | >=1.0.0<1.5.0 | |
| pip/jupyterhub | >=1.0.0<1.5.0 | 1.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27
- https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7
- https://nvd.nist.gov/vuln/detail/CVE-2021-41247
- https://github.com/pypa/advisory-database/tree/main/vulns/jupyterhub/PYSEC-2021-386.yaml
- https://github.com/advisories/GHSA-cw7p-q79f-m2v7 (Advisory)
Frequently Asked Questions
What is CVE-2021-41247?
CVE-2021-41247 is a vulnerability in JupyterHub that can result in incomplete logout from the single-user server.
What is the severity of CVE-2021-41247?
CVE-2021-41247 has a severity rating of 7.5 (high).
How does CVE-2021-41247 affect JupyterHub?
CVE-2021-41247 affects JupyterHub versions from 1.0.0 to 1.5.0.
How can I fix CVE-2021-41247?
To fix CVE-2021-41247, it is recommended to update JupyterHub to a version beyond 1.5.0.
Where can I find more information about CVE-2021-41247?
More information about CVE-2021-41247 can be found in the following references: [link1](https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27), [link2](https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7).
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/remedy
- agent/severity
- agent/weakness
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-cw7p-q79f-m2v7
- alias/CVE-2021-41247
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/references
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- vendor/jupyter
- canonical/jupyter jupyterhub
- version/jupyter jupyterhub/1.0.0
- package-manager/pip