Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-zn45-t3yy-p7gf

Summary An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on the Hub. (Users were not allowed to access other users' accounts, but could create their own accounts on the Hub linked to their GitLab account. GitLab authentication not using gitlab_group_whitelist is unaffected. No other Authenticators are affected.)

Aliases

alias	CVE-2018-7206

alias	GHSA-8x3m-m3x9-54fj

alias	PYSEC-2018-151

alias	PYSEC-2018-68

Fixed_packages

url pkg:pypi/oauthenticator@0.6.2

purl pkg:pypi/oauthenticator@0.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f12e-7kyd-cyhg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/oauthenticator@0.6.2

url pkg:pypi/oauthenticator@0.7.3

purl pkg:pypi/oauthenticator@0.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f12e-7kyd-cyhg

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/oauthenticator@0.7.3

Affected_packages

url pkg:pypi/oauthenticator@0.6.0

purl pkg:pypi/oauthenticator@0.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f12e-7kyd-cyhg

vulnerability	VCID-zn45-t3yy-p7gf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/oauthenticator@0.6.0

url pkg:pypi/oauthenticator@0.6

purl pkg:pypi/oauthenticator@0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zn45-t3yy-p7gf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/oauthenticator@0.6

url pkg:pypi/oauthenticator@0.6.1

purl pkg:pypi/oauthenticator@0.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f12e-7kyd-cyhg

vulnerability	VCID-zn45-t3yy-p7gf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/oauthenticator@0.6.1

url pkg:pypi/oauthenticator@0.7.0

purl pkg:pypi/oauthenticator@0.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f12e-7kyd-cyhg

vulnerability	VCID-zn45-t3yy-p7gf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/oauthenticator@0.7.0

url pkg:pypi/oauthenticator@0.7

purl pkg:pypi/oauthenticator@0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zn45-t3yy-p7gf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/oauthenticator@0.7

url pkg:pypi/oauthenticator@0.7.1

purl pkg:pypi/oauthenticator@0.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f12e-7kyd-cyhg

vulnerability	VCID-zn45-t3yy-p7gf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/oauthenticator@0.7.1

url pkg:pypi/oauthenticator@0.7.2

purl pkg:pypi/oauthenticator@0.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f12e-7kyd-cyhg

vulnerability	VCID-zn45-t3yy-p7gf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/oauthenticator@0.7.2

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-7206

reference_id

reference_type

scores

value	0.00651
scoring_system	epss
scoring_elements	0.71258
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-7206

reference_url

https://blog.jupyter.org/security-fix-for-jupyterhub-gitlab-oauthenticator-7b14571d1f76

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://blog.jupyter.org/security-fix-for-jupyterhub-gitlab-oauthenticator-7b14571d1f76

reference_url

https://github.com/advisories/GHSA-8x3m-m3x9-54fj

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-8x3m-m3x9-54fj

reference_url

https://github.com/jupyterhub/oauthenticator

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jupyterhub/oauthenticator

reference_url

https://github.com/jupyterhub/oauthenticator/blob/8499dc2/CHANGELOG.md#073---2018-02-16

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jupyterhub/oauthenticator/blob/8499dc2/CHANGELOG.md#073---2018-02-16

reference_url

https://github.com/jupyterhub/oauthenticator/commit/1845c0e4b1bff3462c91c3108c85205acd3c75a2

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jupyterhub/oauthenticator/commit/1845c0e4b1bff3462c91c3108c85205acd3c75a2

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/jupyterhub/PYSEC-2018-151.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/jupyterhub/PYSEC-2018-151.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/oauthenticator/PYSEC-2018-68.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/oauthenticator/PYSEC-2018-68.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-7206

reference_id

CVE-2018-7206

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-7206

Weaknesses

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zn45-t3yy-p7gf

Vulnerability Instance