CRITICAL🇵🇱 Wersja polska

CVE-2023-25574

CVSS 10.0v3.1pub. 2025-02-25upd. 2025-09-02

`jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only users that has configured a JupyterHub installation to use the authenticator class `LTI13Authenticator` are affected. `jupyterhub-ltiauthenticator` version 1.4.0 removes LTI13Authenticator to address the issue. No known workarounds are available.

🤖 AI Analysis
How it works

The `LTI13Authenticator` class, introduced in version 1.3.0, implements authentication based on the LTI 1.3 protocol using JWT tokens. The flaw lies in the lack of verification of the JWT token's cryptographic signature (CWE-347 — Improper Verification of Cryptographic Signature). An attacker can construct any forged JWT token and submit it to the authentication endpoint, and the system will accept it as valid. No credentials or permissions are required — the attack is possible remotely without user interaction.

Impact

An attacker can gain unauthorized access to a JupyterHub instance, potentially impersonating any user, including an administrator, which poses a risk of complete environment takeover, data disclosure, and violation of system integrity and availability.

Mitigation & patch

Update `jupyterhub-ltiauthenticator` to version 1.4.0, in which the `LTI13Authenticator` class has been removed to eliminate the vulnerability. The vendor does not provide any workarounds — updating the package is the only solution.

Who is affected

JupyterHub installations using the `jupyterhub-ltiauthenticator` package in version 1.3.0 that have been configured to use the `LTI13Authenticator` authentication class.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Jupyter Lti Jupyterhub Authenticator

    APP
    Jupyter
    1.3.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-34052MEDIUM5.9ten sam produkt

LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 valida...

CVE-2026-44727CRITICAL9.3PL ✓ten sam vendor

Stored XSS w Jupyter Server umożliwiający RCE przez nbconvert

CVE-2024-39700CRITICAL9.9PL ✓ten sam vendor

RCE w szablonie rozszerzenia JupyterLab via GitHub Actions workflow

CVE-2024-35225CRITICAL9.6PL ✓ten sam vendor

Reflected XSS w Jupyter Server Proxy — endpoint /proxy

CVE-2024-28179CRITICAL9.0PL ✓ten sam vendor

Brak uwierzytelnienia przy proxy websocketów w Jupyter Server Proxy — RCE