CVE-2023-25574

{"id": "CVE-2023-25574", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-02-25T15:15:16.227", "references": [{"url": "https://github.com/jupyterhub/ltiauthenticator/blob/3feec2e81b9d3b0ad6b58ab4226af640833039f3/ltiauthenticator/lti13/validator.py#L122-L164", "tags": ["Product"], "source": "security-advisories@github.com"}, {"url": "https://github.com/jupyterhub/ltiauthenticator/blob/main/CHANGELOG.md#140---2023-03-01", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/jupyterhub/ltiauthenticator/security/advisories/GHSA-mcgx-2gcr-p3hp", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "`jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only users that has configured a JupyterHub installation to use the authenticator class `LTI13Authenticator` are affected. `jupyterhub-ltiauthenticator` version 1.4.0 removes LTI13Authenticator to address the issue. No known workarounds are available."}, {"lang": "es", "value": "`jupyterhub-ltiauthenticator` es un autenticador de JupyterHub para la interoperabilidad de herramientas de aprendizaje (LTI). LTI13Authenticator, que se introdujo en `jupyterhub-ltiauthenticator` 1.3.0, no validaba las firmas JWT. Se cree que esto permite que LTI13Authenticator autorice una solicitud falsificada. Solo los usuarios que han configurado una instalaci\u00f3n de JupyterHub para usar la clase de autenticador `LTI13Authenticator` se ven afectados. La versi\u00f3n 1.4.0 de `jupyterhub-ltiauthenticator` elimina LTI13Authenticator para solucionar el problema. No hay workarounds conocidos disponibles."}], "lastModified": "2025-09-02T21:36:09.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jupyter:lti_jupyterhub_authenticator:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "972A882C-4130-4E8C-9B39-B83A2AF78F24"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}