CVE-2023-25574
CVSS 3.1 Score 10 of 10 (high)
Details
Published Feb 25, 2025
CWE ID 347
Summary
CVE-2023-25574 is a vulnerability affecting the `jupyterhub-ltiauthenticator` JupyterHub authenticator for Learning Tools Interoperability (LTI). The LTI13Authenticator, which was introduced in version 1.3.0, failed to validate JWT signatures, potentially allowing forged requests to be authorized. This issue only affects users who have configured their JupyterHub installations to use the `LTI13Authenticator`. Affected users are advised to upgrade to version 1.4.0, which removes the problematic authenticator. No known workarounds are available at this time.
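The flaw class named in the summary (CWE-347, a JWT accepted without checking its signature), shown next to a verifying decoder. This is an added example, not code from `jupyterhub-ltiauthenticator`; the function names, key and tokens are constructed, and HMAC-SHA256 is used only so that it runs on the Python standard library.

```python
import base64, hashlib, hmac, json

def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact JWS; used here only to construct sample tokens."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(mac)}"

def claims_without_check(token: str) -> dict:
    """CWE-347 pattern: the payload is parsed, the signature is never examined."""
    return json.loads(_b64url_decode(token.split(".")[1]))

def claims_verified(token: str, key: bytes) -> dict:
    """Pin the algorithm, verify the MAC, and only then trust the payload."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Never let the token choose its own algorithm ("none", or a weaker one).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signed = f"{header_b64}.{body_b64}".encode()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(body_b64))

# Constructed sample data (assumed names and values, not from the advisory).
KEY = b"constructed-demo-key"
GOOD = sign_hs256({"sub": "student-1", "roles": ["Learner"]}, KEY)
h, _, s = GOOD.split(".")
# Same header and signature, different payload: the signature no longer matches.
altered = json.dumps({"sub": "student-1", "roles": ["Instructor"]}).encode()
TAMPERED = f"{h}.{_b64url_encode(altered)}.{s}"
```

`claims_without_check(TAMPERED)` returns the altered claims, while `claims_verified(TAMPERED, KEY)` raises `ValueError`; a regression test for an authenticator should assert the second behaviour.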