Candidate: CVE-2021-41247
PublicDate: 2021-11-04 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41247
 https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7
 https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27
Description:
 JupyterHub is an open source multi-user server for Jupyter notebooks. In
 affected versions users who have multiple JupyterLab tabs open in the same
 browser session, may see incomplete logout from the single-user server, as
 fresh credentials (for the single-user server only, not the Hub) reinstated
 after logout, if another active JupyterLab session is open while the logout
 takes place. Upgrade to JupyterHub 1.5. For distributed deployments, it is
 jupyterhub in the _user_ environment that needs patching. There are no
 patches necessary in the Hub environment. The only workaround is to make
 sure that only one JupyterLab tab is open when you log out.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]


Patches_jupyterhub:
upstream_jupyterhub: released (2.0.0+ds1-1)
trusty_jupyterhub: ignored (out of standard support)
xenial_jupyterhub: ignored (out of standard support)
devel_jupyterhub: not-affected (2.0.0+ds1-2)